Inactive Slow Computer; instructions followed, reports attached.

Discussion in 'Malware and Virus Removal Archive' started by macpez, 2011/03/11.


    March 11, 2011

    Hello. I would appreciate your assistance with my computer problem.

    I have carefully read the instructions for posting a possible spyware problem, and included the below listed documents as instructed.

    1) Problem: Computer very slow starting up. Continuous "communication activity" when online.

    2) Problem started a few weeks ago when I left the computer on with Windows Explorer open overnight.

    3) Clue: Norton Antivirus would not update. I downloaded new update software from Symantec to correct. When I ran AntiMalware the following file was found and quarantined: "PUM.Disabled.SecurityCenter." Removal of this file did not seem to make a difference. Available free space on hard drive got smaller with each use.

    4) Computer: Windows XP, SP3; All updates installed. Use Norton Internet Security 2005. Run Spybot Search & Destroy every few weeks. Also have Spyware Blaster installed.

    Thanks again for everyone's assistance.

    *************************************************
    MALWAREBYTES (MBAM report)

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5816

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/20/2011 2:39:46 AM
    mbam-log-2011-02-20 (02-39-46).txt

    Scan type: Quick scan
    Objects scanned: 180493
    Time elapsed: 49 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ****************************************************
    GMER report

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-08 04:30:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_6L040J2 rev.A93.0500
    Running: gmer.exe; Driver: C:\DOCUME~1\Mary\LOCALS~1\Temp\pxdoapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8728BA68 ZwConnectPort
    SSDT 86FA51C0 ZwOpenProcess
    SSDT 86F7B1C0 ZwOpenThread

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Terry\My Documents\Updates and new software\gmer.exe[108] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Documents and Settings\Terry\My Documents\Updates and new software\gmer.exe[108] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\Explorer.EXE[508] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\Explorer.EXE[508] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Digital Line Detect\DLG.exe[656] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Digital Line Detect\DLG.exe[656] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[1720] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[1720] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1760] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[1760] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1800] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1800] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\system32\WDBtnMgr.exe[1908] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\system32\WDBtnMgr.exe[1908] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\MSOCache\All Users\90240409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE 0 bytes

    ---- EOF - GMER 1.0.15 ----
    ************************************************
    MBR CHECK REPORT

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000005d

    Kernel Drivers (total 155):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EF000 \WINDOWS\system32\hal.dll
    0xF7BA3000 \WINDOWS\system32\KDCOM.DLL
    0xF7AB3000 \WINDOWS\system32\BOOTVID.dll
    0xF7654000 ACPI.sys
    0xF7BA5000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7643000 pci.sys
    0xF76A3000 isapnp.sys
    0xF7C6B000 pciide.sys
    0xF7923000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF76B3000 MountMgr.sys
    0xF7624000 ftdisk.sys
    0xF792B000 PartMgr.sys
    0xF76C3000 VolSnap.sys
    0xF760C000 atapi.sys
    0xF76D3000 disk.sys
    0xF76E3000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF75EC000 fltmgr.sys
    0xF75DA000 sr.sys
    0xF76F3000 PxHelp20.sys
    0xF75C3000 KSecDD.sys
    0xF7536000 Ntfs.sys
    0xF7509000 NDIS.sys
    0xF7703000 ohci1394.sys
    0xF7713000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF74EF000 Mup.sys
    0xF7723000 agp440.sys
    0xF7933000 iomdisk.sys
    0xF7753000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF7803000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF6DB4000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF6DA0000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF7A43000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF6D7C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7A4B000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF6C74000 \SystemRoot\System32\DRIVERS\BCMSM.sys
    0xF6C51000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF7A53000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7A5B000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
    0xF7813000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF7823000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF7833000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF6C31000 \SystemRoot\System32\Drivers\pwd_2k.SYS
    0xF7A63000 \SystemRoot\system32\drivers\gearaspiwdm.sys
    0xF7843000 \SystemRoot\system32\drivers\Imapi.sys
    0xF6BBE000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7D28000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF6B9A000 \SystemRoot\system32\drivers\portcls.sys
    0xF7853000 \SystemRoot\system32\drivers\drmk.sys
    0xF7BF1000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF7A6B000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF7863000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7B9F000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF6B86000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7D2A000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7873000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF74CB000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF6B6F000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF7883000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF7893000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7A73000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF6B5E000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF78A3000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7A7B000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7A83000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF7BF5000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF78B3000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7A8B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7A93000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF7BF7000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6B00000 \SystemRoot\System32\DRIVERS\update.sys
    0xF74BB000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7A9B000 \SystemRoot\System32\Drivers\mmc_2K.SYS
    0xF78C3000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF78D3000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7BF9000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF7B3B000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF7AA3000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF7B53000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xEE941000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
    0xEE924000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
    0xEE911000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
    0xF7953000 \SystemRoot\System32\DRIVERS\usbccgp.sys
    0xF7963000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xF7B6F000 \SystemRoot\system32\drivers\hpfxbulk.sys
    0xF796B000 \SystemRoot\system32\drivers\HPFXGEN.SYS
    0xF797B000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xF7B73000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xF6EEA000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xF7983000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xF6EDA000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xF7B77000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
    0xF7B7B000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xF7B7F000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xF7B83000 \SystemRoot\System32\DRIVERS\kbdhid.sys
    0xEE6FE000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110304.002\NavEx15.Sys
    0xEE6EA000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110304.002\NAVENG.Sys
    0xF7CBD000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF7DE5000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF7C4B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7DEA000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7C51000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79E3000 \SystemRoot\System32\drivers\vga.sys
    0xF7C53000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C55000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xEE68F000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
    0xF79F3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A03000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEE64A000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
    0xF7B4F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xEE625000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xEE5CC000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEE58C000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xEE566000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF6E8A000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xEE855000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xF7763000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xF7C69000 \SystemRoot\System32\Drivers\SYMDNS.SYS
    0xF7783000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
    0xEE53D000 \SystemRoot\System32\Drivers\SYMFW.SYS
    0xF7A2B000 \SystemRoot\System32\Drivers\SYMIDS.SYS
    0xEE4F6000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20110223.001\symidsco.sys
    0xEE4CE000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEE4AC000 \SystemRoot\System32\drivers\afd.sys
    0xF77C3000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xEE45A000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0xEE42F000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xEE3BF000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF77F3000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEE8F1000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEE37F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7BC1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF6AE0000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF798B000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CF7000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
    0xBF06B000 \SystemRoot\System32\ialmdd5.DLL
    0xBF148000 \SystemRoot\System32\ATMFD.DLL
    0xEE1F7000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xEDEF2000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xEDE8D000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEE01F000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7C41000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBA534000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBA528000 \SystemRoot\System32\Drivers\mrtRate.SYS
    0xBA3EC000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7A3B000 \??\C:\WINDOWS\System32\drivers\symlcbrd.sys
    0xBA258000 \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
    0xBA2BC000 \SystemRoot\System32\DRIVERS\asyncmac.sys
    0xB9A4D000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 57):
    0 System Idle Process
    4 System
    496 C:\WINDOWS\SYSTEM32\smss.exe
    552 csrss.exe
    576 C:\WINDOWS\SYSTEM32\winlogon.exe
    624 C:\WINDOWS\SYSTEM32\services.exe
    636 C:\WINDOWS\SYSTEM32\lsass.exe
    800 C:\WINDOWS\SYSTEM32\svchost.exe
    876 svchost.exe
    936 C:\WINDOWS\SYSTEM32\svchost.exe
    1020 svchost.exe
    1068 svchost.exe
    1232 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1240 C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    1376 svchost.exe
    1464 C:\Program Files\Google\Update\GoogleUpdate.exe
    1560 C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    1688 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1696 C:\WINDOWS\explorer.exe
    1808 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    2016 C:\Program Files\Canon\BJCard\Bjmcmng.exe
    160 C:\Program Files\Bonjour\mDNSResponder.exe
    200 C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    236 C:\WINDOWS\SYSTEM32\hkcmd.exe
    260 C:\WINDOWS\BCMSMMSG.exe
    272 C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    296 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
    356 C:\WINDOWS\SYSTEM32\cisvc.exe
    364 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    380 C:\Program Files\Iomega\DriveIcons\Imgicon.exe
    400 C:\WINDOWS\SYSTEM32\TaskSwitch.exe
    544 C:\PROGRA~1\Iomega\System32\AppServices.exe
    600 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    1076 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
    868 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    1716 C:\Program Files\Java\jre6\bin\jqs.exe
    1656 C:\WINDOWS\SYSTEM32\ctfmon.exe
    1708 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    1892 C:\Program Files\Digital Line Detect\DLG.exe
    2084 C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
    2180 C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    2228 C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    2348 C:\Program Files\Dantz\Retrospect\retrorun.exe
    2516 C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    2600 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    2644 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    2712 C:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    2756 C:\WINDOWS\SYSTEM32\svchost.exe
    2848 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    2880 C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    2916 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    3064 C:\Program Files\Iomega\AutoDisk\ADService.exe
    3116 C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    3580 C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
    132 alg.exe
    2432 <unknown>
    3352 C:\Documents and Settings\Terry\My Documents\Updates and new software\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: MAXTOR6L040J2, Rev: A93.0500
    PhysicalDrive1 Model Number: WD1200BB External, Rev: 0411

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    111 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 2BE9ACE700A45722604874D4A10E3B6A212931F3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
    ********************************************************
    DDS Report 1 (2 logs)

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Mary at 4:57:54.79 on Tue 03/08/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.496 [GMT -5:00]

    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Canon\BJCard\Bjmcmng.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Terry\My Documents\Updates and new software\dds.scr

    ============== Pseudo HJT Report ===============

    uLocal Page = c:\windows\pchealth\helpctr\system\panels\BLANK.HTM
    uDefault_Page_URL = hxxp://www.dellnet.com
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mLocal Page = c:\windows\pchealth\helpctr\system\panels\BLANK.HTM
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;hxxp://localhost;*.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
    {43d9e6f0-1776-4897-ae14-ecedecbafec0}
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
    mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
    mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
    mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
    mRun: [RFAgent]
    mRun: [<NO NAME>]
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [ToolBoxFX] "c:\program files\hewlett-packard\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
    mRun: [Share-to-Web Namespace Daemon] "c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe "
    dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
    StartupFolder: c:\documents and settings\mary\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office\EXCEL.EXE/3000
    IE: E-&mail Page - c:\windows\web\Mailto_URL.HTM
    IE: Open in new background tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/229?89ad5fe1dd3d4fe6b45425179aa8eb0
    IE: Open in new foreground tab - c:\program files\msn toolbar suite\tab\02.05.0001.1119\en-us\msntabres.dll/230?89ad5fe1dd3d4fe6b45425179aa8eb0
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: adobe.com\www
    Trusted Zone: clubcoach.net\www
    Trusted Zone: microsoft.com\www
    Trusted Zone: msn.com\my
    Trusted Zone: peapod.com\www
    Trusted Zone: rockymountainhpc.com\www
    Trusted Zone: symantec.com\www
    DPF: Microsoft XML Parser for Java
    DPF: symsupportutil - hxxps://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - hxxp://download.richfx.com/player/mediaversion/005/latest/twophase.cab
    DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} - hxxp://office.microsoft.com/productupdates/content/opuc/opuc.cab
    DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} - hxxp://69.43.133.73/plugin/axversion/1410/printquick1410.cab
    DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129342033015
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2005-11-6 338056]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2005-11-6 50312]
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2006-3-4 197992]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2006-6-24 235168]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2006-3-4 181608]
    R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-10-21 34712]
    R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-11-6 177264]
    R2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2004-10-27 135168]
    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2004-10-27 819352]
    R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2008-7-9 868864]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110304.002\NAVENG.Sys [2011-3-7 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110304.002\NavEx15.Sys [2011-3-7 1360760]
    S2 aawservice;Lavasoft Ad-Aware Service; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-27 136176]
    S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-11-6 67184]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2006-3-4 79208]
    S3 MXBULK;DualCam Still, MXBulk3.Sys;c:\windows\system32\drivers\mxbulk3.sys --> c:\windows\system32\drivers\MXBulk3.sys [?]
    S3 MXCap;DSC-06 Video Camera;c:\windows\system32\drivers\mxcap3.sys --> c:\windows\system32\drivers\MXCap3.sys [?]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\packet.sys [2002-10-21 17335]
    S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2005-11-6 198368]
    S3 slz1nd5;SL Series (NDIS);c:\windows\system32\drivers\slz1nd5.sys [2003-4-17 17808]
    S3 slz1unic;SL Series (WDM);c:\windows\system32\drivers\slz1unic.sys [2003-4-17 69920]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-6-21 15576]

    =============== Created Last 30 ================

    2011-02-22 06:20:05 -------- d-----w- c:\program files\iPod
    2011-02-22 05:51:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-02-22 05:51:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-02-22 05:51:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-02-22 05:51:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-02-22 05:51:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-02-22 05:51:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-02-22 05:51:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-02-20 21:41:17 -------- d-----w- c:\docume~1\mary\applic~1\IObit
    2011-02-20 05:01:10 -------- d-----w- c:\docume~1\mary\applic~1\Malwarebytes
    2011-02-20 05:00:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-20 05:00:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-02-20 05:00:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-20 05:00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-14 23:51:20 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2000-12-12 16:17:40 100432 -c----w- c:\program files\Win2000PPAHotfix.exe

    ============= FINISH: 5:01:26.54 ===============


    *******************************************************

    DDS log 2

    TO BE SENT AS AN ATTACHMENT IF REQUESTED.

    **********************************************************
    NOTE: I ALSO RAN ROOTKIT UNHOOKER. BELOW IS A PARTIAL REPORT. THERE WAS NOT ENOUGH CHARACTER ROOM IN POSTING FOR THE ENTIRE DOCUMENT. IF REQUESTED, I WILL INCLUDE IN A SEPARATE POSTING.

    ROOTKIT UNHOOKER REPORT

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    ==============================================
    >Stealth
    ==============================================
    WARNING: Virus alike driver modification [a302.sys]
    WARNING: Virus alike driver modification [a305.sys]
    WARNING: Virus alike driver modification [RIODRV.SYS]
    WARNING: Virus alike driver modification [SYMEVENT.SYS]
    WARNING: Virus alike driver modification [vch.sys]
    WARNING: Virus alike driver modification [a307.sys]
    WARNING: Virus alike driver modification [detectdr.sys]
    WARNING: Virus alike driver modification [a309.sys]
    WARNING: Virus alike driver modification [a304.sys]
    WARNING: Virus alike driver modification [CINEMST2.SYS]
    WARNING: Virus alike driver modification [wa301a.sys]
    WARNING: Virus alike driver modification [wa301b.sys]
    WARNING: Virus alike driver modification [a311.sys]
    WARNING: Virus alike driver modification [RAWWAN.SYS]
    WARNING: Virus alike driver modification [TOSDVD.SYS]
    WARNING: Virus alike driver modification [NWLNKSPX.SYS]
    WARNING: Virus alike driver modification [MCD.SYS]

    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
    ********************************************************************** END OF DOCUMENT ******************************
     
  2. 2011/03/11
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Missing Attach.txt log
     

  4. 2011/03/11
    macpez

    Here is the Attach.txt document. Thanks again.
    ****************************
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/10/2002 11:27:24 AM
    System Uptime: 3/8/2011 4:34:23 AM (1 hours ago)

    Motherboard: MiTAC International Corp. | | Dimension 2300
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 478 | 1993/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 8.481 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is FIXED (NTFS) - 112 GiB total, 22.714 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1740: 2/22/2011 10:38:50 PM - Feb 22 backup before adaware install
    RP1741: 2/23/2011 2:01:24 AM - Software Distribution Service 3.0
    RP1742: 2/24/2011 3:01:09 AM - System Checkpoint
    RP1743: 2/25/2011 10:29:03 PM - Feb 25 backup before program removal (adobe programs unused)
    RP1744: 3/8/2011 12:46:04 AM - Mar 7 backup before repair attempt

    ==== Installed Programs ======================

    3D Windows XP Screen Saver
    ABBYY FineReader 5.0 Sprint
    Active Disk
    Adobe Dimensions 3.0
    Adobe Download Manager (Remove Only)
    Adobe Flash Player 10 ActiveX
    Adobe PDF IFilter 6.0
    Adobe Photoshop 6.0
    Adobe Photoshop Elements 3.0
    Adobe Reader 8.2.6
    Adobe Shockwave Player 11
    Adobe Streamline 4.0
    Agent Ransack Version 1.7.3
    Aladdin Expander 5.1
    Alt-Tab Task Switcher Powertoy for Windows XP
    AM-DeadLink
    Amazing Windows XP Screen Saver 1.2
    American Flag Screen Saver
    Anark Client 1.0
    Angel Writer 3.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BCM V.92 56K Modem
    BHODemon 2.0.0.18
    Bonjour
    Britannica Ready Reference
    Browser Hijack Blaster v1.0
    Cakewalk Pyro 5
    Calculator Powertoy for Windows XP
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Support Core Library
    Canon Camera Window DS for ZoomBrowser EX
    Canon Camera Window DVC for ZoomBrowser EX
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon S530D
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint Plus
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX
    CC_ccProxyExt
    ccCommon
    ccPxyCore
    Classic PhoneTools
    Critical Update for Windows Media Player 11 (KB959772)
    dBpoweramp [Calculate Audio CRC] Codec
    dBpoweramp AMG License
    dBpoweramp FLAC Codec
    dBpoweramp m4a Codec
    dBpoweramp Monkeys Audio Codec
    dBpoweramp Mp2 and BwfMp2 codec
    dBpoweramp mp3 (Fraunhofer IIS) Codec
    dBpoweramp Music Converter
    dBpoweramp Ogg Vorbis Codec
    dBpoweramp WavPack Codec
    dBpoweramp Windows Media Audio 10 Codec
    Dell Modem-On-Hold
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    Dell Support
    DellTouch
    DHE Editor 1.7 Basic
    Digital Line Detect
    Digital Photography Winter Fun Pack
    e-Life Pal
    Easy CD Creator 5 Basic
    Easy Thumbnails (Remove only)
    Epocrates Epocrates software for PalmOS
    Epocrates Essentials
    FileZilla (remove only)
    FLV Player 2.0 (build 25)
    Free FLV Converter V 5.8
    Free Mp3 Wma Converter V 1.7.3
    Free Video Converter V 2.8
    Gif Vault
    Google Update Helper
    Greeting Card Creator 32
    Help and Support Customization
    Holiday Snowflakes Screen Saver 1.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    hp instant support
    HP LaserJet 3050/3052/3055/3390/3392 2.0
    HP Memories Disc
    HP Photo and Imaging 2.2 - Scanjet 3970 Series
    HP Product Detection
    HP Update
    hpp3390usg
    hppFaxDrv3390
    hppFaxUtility
    hppFonts
    hppIOFiles
    hppLJ3390
    hppManuals3390
    hppscan3390
    hppScanTo
    hppSendFax
    hppTooCool
    hppToolBoxFX
    hpzTLBXFX
    Image Resizer Powertoy for Windows XP
    Intel(R) Extreme Graphics Driver
    Intellisync for SL
    Internet Explorer Q903235
    IomegaWare 4.0.2
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    JGsoft EditPad Lite 5.4.6
    LabelCreator Pro
    Lexmark X74-X75
    LiveReg (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8 Plugin
    Macromedia Shockwave Player
    Magnifier Powertoy for Windows XP
    Malwarebytes' Anti-Malware
    MarketResearch
    Memory Card Utility
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office 2000 Web Archive Add-On
    Microsoft Office 2003 Resource Kit
    Microsoft Office HTML Filter 2.0
    Microsoft OpenType Font Properties Extension (Remove Only)
    Microsoft Outlook Personal Folders Backup
    Microsoft Plus! for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Video Screensaver
    mobilePDR
    Modem Helper
    MovieEdit Task
    MSN Search Toolbar
    MSRedist
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nokia Connectivity Cable Driver
    Nokia MTP driver
    Nokia PC Connectivity Solution
    Nokia PC Suite
    Norton AntiSpam
    Norton AntiVirus 2005
    Norton CleanSweep
    Norton Internet Security
    Norton Internet Security 2005 (Symantec Corporation)
    Norton Password Manager
    Norton Password Manager (Symantec Corporation)
    Norton Speed Disk 7.0 for Windows NT
    Norton SystemWorks 2003
    Norton Utilities 2003 for Windows
    Norton WMI Update
    NoteTab Light (Remove only)
    NoteTab Pro (Remove only)
    NPM_DRM_COLLECTION
    Optimum Online net guide
    Paint Shop Pro 7
    Palm Desktop
    PDF reDirect (remove only)
    PhotoJam 3
    PhotoStitch
    Picasa 2
    Pixie 3.1 (remove only)
    Polaroid Dust and Scratch Removal v1.0.0.15.2e
    Post-it® Software Notes Lite
    PowerDVD
    Primo
    PrimoPDF
    PrimoPDF Redistribution Package
    PVR HD Series
    QFolder
    QuarkXPress 5.01
    QuickTime
    RAW Image Task 1.2
    Readiris Pro 11
    RealPlayer
    Realtek RTL8139 Diagnostics Program
    Registry First Aid
    RemoteCapture Task 1.1
    Retrospect 6.5
    Revo Uninstaller 1.88
    RoughDraft 3.0
    Runtime
    Scan
    Screen Saver Magic- Deluxe Edition 6.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    ShareIns
    Shockwave
    Shortcuts Map 2.2 (remove only)
    Simple Family Tree (remove only)
    SPBBC
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.4
    Startup Delayer v2.5 (build 138)
    StuffIt Standard Edition 7.5
    Symantec Network Driver Update
    Symantec Network Drivers Update
    Symantec Script Blocking Installer
    SymNet
    TiVo Desktop 2.6.2
    TreeSize 1.7
    Tweakui Powertoy for Windows XP
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Online
    Viewpoint Media Player (Remove Only)
    Virtual Desktop Manager Powertoy for Windows XP
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebIQ Technology Engine
    Windows Backup Utility
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Series TweakMP PowerToy
    Windows Media Player 9 Series Winter Fun Pack
    Windows XP Service Pack 3
    Windows XP Valentine Screen Saver
    Windows XP Winter Fun Pack Screensavers
    Wisdom-soft ScreenHunter 5.0 Free
    WordWeb
    X-Fonter 4.0
    XnView 1.80.3

    ==== Event Viewer Messages From Past Week ========

    3/8/2011 4:28:21 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    3/8/2011 4:28:21 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
    3/8/2011 4:28:21 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
    3/8/2011 4:02:59 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/7/2011 9:40:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    3/7/2011 9:34:46 PM, error: RemoteAccess [20106] - Unable to add the interface {138C5C9A-E6DD-4BE9-AD7A-78DD3659F729} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

    ==== End Of File ===========================
     
  5. 2011/03/11
    macpez

    An additional note:

    I have had all kinds of problems with Ad-aware for the last few months since I tried to update it from version 8.1 to 8.2. After numerous attempts to install different versions of it, I removed it using the OBIT program. Once I get my computer working correctly again, I plan to try and get it working again. If you can recommend a better program than Ad-aware, I would like to try it.

    Also, I removed unused programs and defragged the hard drive as instructed. After running the Temp File Cleaner, I gained 3 additional GiB. I'm still puzzled as to why my hard drive started losing space at a rapid rate when I did not add anything? I have an external hard drive and try to always keep at least 10 GiB of space free on the main hard drive. Thanks.
     
  6. 2011/03/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. 2011/03/15
    macpez

    macpez Inactive Thread Starter

    Joined:
    2004/02/20
    Messages:
    47
    Likes Received:
    0
    Thanks for the information. I'll run the program and post the results as listed.

    I should have been more specific with my previous note. I have been following the posted instructions for removing malware and a virus. My comment about Ad-aware was to provide a possible clue to my computer problem. My problem with Ad-aware happened about six weeks prior to my computer slowing down. A recent comment I read about Lavasoft made me think that Ad-aware may have been a contributing factor?

    Anyway, I am following the sequence and look forward to resolving the problem. Thanks again. As mentioned, I would appreciate your recommendation about a replacement for Ad-aware at the conclusion of the repair process.
     
  8. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  9. 2011/03/17
    macpez

    macpez Inactive Thread Starter

    Joined:
    2004/02/20
    Messages:
    47
    Likes Received:
    0
    Here is the report from TDSSKiller. The scan said no Rootkits were found.
    Note: After MalwareBytes removed the files, the computer runs better (i.e., no continuous on-line communication and programs open quicker: Word, Excel, etc.) but startup is still slower than usual.

    Here is the report:
    -----------------
    2011/03/15 03:55:39.0600 1352 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/15 03:55:41.0647 1352 ================================================================================
    2011/03/15 03:55:41.0647 1352 SystemInfo:
    2011/03/15 03:55:41.0647 1352
    2011/03/15 03:55:41.0647 1352 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/15 03:55:41.0647 1352 Product type: Workstation
    2011/03/15 03:55:41.0647 1352 ComputerName: D2DW9021
    2011/03/15 03:55:41.0647 1352 UserName: Mary
    2011/03/15 03:55:41.0647 1352 Windows directory: C:\WINDOWS
    2011/03/15 03:55:41.0647 1352 System windows directory: C:\WINDOWS
    2011/03/15 03:55:41.0647 1352 Processor architecture: Intel x86
    2011/03/15 03:55:41.0647 1352 Number of processors: 1
    2011/03/15 03:55:41.0647 1352 Page size: 0x1000
    2011/03/15 03:55:41.0647 1352 Boot type: Normal boot
    2011/03/15 03:55:41.0647 1352 ================================================================================
    2011/03/15 03:55:43.0085 1352 Initialize success
    2011/03/15 03:56:06.0038 2748 ================================================================================
    2011/03/15 03:56:06.0038 2748 Scan started
    2011/03/15 03:56:06.0038 2748 Mode: Manual;
    2011/03/15 03:56:06.0038 2748 ================================================================================
    2011/03/15 04:00:32.0241 2748================================================================================
    2011/03/15 04:00:32.0241 2748 Scan finished
    2011/03/15 04:00:32.0241 2748================================================================================
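
    Added example, not part of the original thread or of TDSSKiller: a TDSSKiller scan log lists each driver as timestamp, thread id, service name, MD5 in parentheses and image path, so it can be triaged mechanically. The sketch below reads the Windows directory from the log header, lists drivers loaded from outside `system32\drivers`, groups distinct files that share one hash, and checks that the scan ran to its end; the sample log, its names and its hashes are constructed, and the "outside the driver directory" rule is a review heuristic assumed here, not a verdict.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

Driver = namedtuple("Driver", "service md5 path")

# One driver line: date time, thread id, service name, (md5), image path.
# Service names may contain spaces or be a GUID in braces.
LINE_RE = re.compile(
    r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<service>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)
# Header line naming the Windows directory (case-sensitive on purpose, so the
# "System windows directory" line is not picked up as well).
WINDIR_RE = re.compile(r"\bWindows directory:\s*(.+?)\s*$")

# Constructed sample in the log's layout; names and hashes are placeholders.
SAMPLE = r"""
2011/01/01 10:00:00.0001 1000 Windows directory: C:\WINDOWS
2011/01/01 10:00:00.0001 1000 System windows directory: C:\WINDOWS
2011/01/01 10:00:05.0001 2000 Scan started
2011/01/01 10:00:06.0001 2000 exdrv (00000000000000000000000000000001) C:\WINDOWS\System32\DRIVERS\exdrv.sys
2011/01/01 10:00:07.0001 2000 Example USB Modem (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\exusbm.sys
2011/01/01 10:00:08.0001 2000 Example USB Port (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\exusbj.sys
2011/01/01 10:00:09.0001 2000 EXAV (00000000000000000000000000000003) C:\Program Files\Example AV\exav.sys
2011/01/01 10:00:10.0001 2000 {00000000-0000-0000-0000-000000000000} (00000000000000000000000000000004) C:\WINDOWS\system32\drivers\exguid.sys
2011/01/01 10:00:11.0001 2000 Scan finished
"""


def norm(path):
    """Case-fold and collapse '..' so path comparisons are not fooled."""
    return ntpath.normcase(ntpath.normpath(path))


def parse_log(text):
    """Return (windows_dir, [Driver, ...], scan_finished)."""
    windir, drivers, finished = None, [], False
    for line in text.splitlines():
        header = WINDIR_RE.search(line)
        if header:
            windir = header.group(1)
        elif line.rstrip().endswith("Scan finished"):
            finished = True
        else:
            m = LINE_RE.match(line)
            if m:
                drivers.append(Driver(m["service"], m["md5"].lower(), m["path"]))
    return windir, drivers, finished


def triage(text):
    """Summarise a scan log for manual review."""
    windir, drivers, finished = parse_log(text)
    # Fall back to the common default if the header is missing (assumption).
    driver_dir = norm(ntpath.join(windir or r"C:\WINDOWS", "system32", "drivers")) + "\\"
    outside = [d.service for d in drivers if not norm(d.path).startswith(driver_dir)]
    by_hash = defaultdict(set)
    for d in drivers:
        by_hash[d.md5].add(norm(d.path))
    # The same file registered under two service names is not reported,
    # only distinct files with identical content.
    shared = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    return {
        "complete": finished,      # False means the log was cut short
        "count": len(drivers),
        "outside": outside,        # e.g. security products, or something to check
        "shared_hash": shared,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

    Drivers reported as outside the driver directory are often legitimate (antivirus components, for example); the list only narrows what to look at by hand.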
     
  10. 2011/03/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2011/03/21
    macpez

    macpez Inactive Thread Starter

    Here are the two reports. Thanks:

    ComboFix Report:
    -----------------
    ComboFix 11-03-19.01 - Mary 03/20/2011 0:59.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.450 [GMT -4:00]
    Running from: c:\documents and settings\Terry\My Documents\Updates and new software\updated programs\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\Terry\MYDOCU~1\SPECIA~1\PRICEO~1\PRICe-~1.exe
    c:\documents and settings\Mary\Mary's Documents\Readiris.DUS
    c:\program files\INSTALL.LOG
    c:\windows\ST6UNST.000
    c:\windows\system32\Packet.dll
    c:\windows\system32\rnaph.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-17 13:35 . 2011-03-17 13:35 -------- d-----w- c:\documents and settings\Mary\Application Data\SUPERAntiSpyware.com
    2011-03-17 13:35 . 2011-03-17 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-03-17 13:34 . 2011-03-17 13:35 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-12 07:55 . 2011-03-12 07:55 -------- d-----w- c:\program files\ESET
    2011-02-22 06:35 . 2011-02-22 06:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-02-22 06:20 . 2011-02-22 06:20 -------- d-----w- c:\program files\iPod
    2011-02-22 05:51 . 2011-02-22 05:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-02-22 05:51 . 2011-02-22 05:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-02-22 05:51 . 2011-02-22 05:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-02-22 05:51 . 2011-02-22 05:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-02-22 05:51 . 2011-02-22 05:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-02-22 05:51 . 2011-02-22 05:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-02-22 05:51 . 2011-02-22 05:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-02-20 21:41 . 2011-02-20 21:41 -------- d-----w- c:\documents and settings\Mary\Application Data\IObit
    2011-02-20 05:01 . 2011-02-20 05:01 -------- d-----w- c:\documents and settings\Mary\Application Data\Malwarebytes
    2011-02-20 05:00 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-20 05:00 . 2011-02-20 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-02-20 05:00 . 2011-02-20 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-20 05:00 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-20 03:04 . 2011-02-20 03:04 -------- d-----w- c:\documents and settings\Mary\Application Data\InstallShield
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2002-11-13 16:07 270848 ------w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2002-11-13 16:07 186880 ------w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2002-11-13 16:07 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2002-11-13 16:07 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2002-11-13 16:07 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2001-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2002-02-20 23:46 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2006-04-28 14:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2002-11-13 16:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2002-11-13 16:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2001-08-18 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2000-12-12 16:17 . 2000-12-13 23:22 100432 -c----w- c:\program files\Win2000PPAHotfix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-19 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-19 126976]
    "BCMSMMSG"="BCMSMMSG.exe" [2002-05-16 65536]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-08-10 684032]
    "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
    "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
    "Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
    "CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
    "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-04-12 100056]
    "WD Button Manager"="WDBtnMgr.exe" [2005-01-02 331776]
    "ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Post-it® Software Notes Lite.lnk
    backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\WordWeb.lnk
    backup=c:\windows\pss\WordWeb.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\BHODemon 2.0\BHODemon 2.0.lnk
    backup=c:\windows\pss\BHODemon 2.0.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^Intellisync for SL.lnk]
    path=c:\documents and settings\Mary\Start Menu\Programs\Sharp\Intellisync for SL\Intellisync for SL.lnk
    backup=c:\windows\pss\Intellisync for SL.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]
    2002-03-14 13:41 630784 -c----w- c:\program files\Canon\BJCard\BJLaunch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]
    2006-12-12 00:36 366400 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-17 14:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallDisableNotify"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 136176]
    R3 MXBULK;DualCam Still, MXBulk3.Sys;c:\windows\system32\Drivers\MXBulk3.sys [x]
    R3 MXCap;DSC-06 Video Camera;c:\windows\system32\DRIVERS\MXCap3.sys [x]
    R3 slz1nd5;SL Series (NDIS);c:\windows\system32\DRIVERS\slz1nd5.sys [2002-01-31 17808]
    R3 slz1unic;SL Series (WDM);c:\windows\system32\DRIVERS\slz1unic.sys [2002-01-31 69920]
    R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2001-01-08 15576]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
    S2 mrtRate;mrtRate; [x]
    S2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
    S2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-07-09 868864]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
    .
    2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 04:07]
    .
    2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 04:07]
    .
    2008-07-18 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Mary.job
    - c:\progra~1\NORTON~2\NORTON~1\Navw32.exe [2005-11-07 17:54]
    .
    2008-07-18 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks\OBC.exe [2004-10-27 01:57]
    .
    2011-03-20 c:\windows\Tasks\Symantec Drmc.job
    - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 08:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mLocal Page = c:\windows\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;hxxp://localhost;*.local
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office\EXCEL.EXE/3000
    IE: E-&mail Page - c:\windows\Web\Mailto_URL.HTM
    IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?89ad5fe1dd3d4fe6b45425179aa8eb0
    IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?89ad5fe1dd3d4fe6b45425179aa8eb0
    Trusted Zone: adobe.com\www
    Trusted Zone: clubcoach.net\www
    Trusted Zone: microsoft.com\www
    Trusted Zone: msn.com\my
    Trusted Zone: peapod.com\www
    Trusted Zone: rockymountainhpc.com\www
    Trusted Zone: symantec.com\www
    DPF: Microsoft XML Parser for Java
    DPF: {47F591A2-8783-11D2-8343-00A0C945A819} - hxxp://download.richfx.com/player/mediaversion/005/latest/twophase.cab
    DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} - hxxp://69.43.133.73/plugin/axversion/1410/printquick1410.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-RFAgent - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-20 01:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath "=" "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(592)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3396)
    c:\windows\system32\WININET.dll
    c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\windows\system32\ConnAPI.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Canon\BJCard\Bjmcmng.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\Iomega\System32\AppServices.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\Dantz\RETROS~1\wdsvc.exe
    c:\progra~1\NORTON~1\SPEEDD~1\nopdb.exe
    c:\windows\BCMSMMSG.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Iomega\AutoDisk\ADService.exe
    c:\windows\system32\WDBtnMgr.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\program files\Digital Line Detect\DLG.exe
    c:\windows\system32\taskmgr.exe
    c:\program files\Messenger\msmsgs.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-20 02:23:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-20 06:22
    .
    Pre-Run: 8,249,638,912 bytes free
    Post-Run: 8,263,712,768 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 747D5BD23F8AFF517CD070521ABC8991
    =================================
    rKill Report:
    ---------------
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/21/2011 at 0:57:17.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\grpconv.exe


    Rkill completed on 03/21/2011 at 0:57:58.
    ======================
    End of post
     
  12. 2011/03/21
    broni

    broni Moderator Malware Analyst

    Looks good now.

    Is Norton your current security program, or am I seeing some leftovers?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2011/03/21
    macpez

    macpez Inactive Thread Starter

    Is Norton your current security program, or am I seeing some leftovers?
    ------------------------------------------------------------------
    Yes. I use Norton Internet Security 2005 in conjunction with Norton System Works 2003. Since it's been working well, I decided not to update to a later version. Do you think an upgrade to a later version would provide that much more protection?

    I will do the new OTL scan tomorrow and get back to you. I appreciate your time and knowledge. Thanks. (Note: The computer is running much better than when we first started the repair process.)

    Question: When the computer is finally clean, is there a way to protect it any better than I am currently doing to prevent a recurrence? (using Norton Internet Security, Spybot Teatimer, SuperAntiSpyware, etc.) I was recently doing a Google search for mobility equipment and wound up on some pretty nasty websites! Consequently, I would like to confirm that I'm doing everything possible. Thanks again.
     
  14. 2011/03/21
    broni

    broni Moderator Malware Analyst

    If you're still getting updates, you should be fine.

    At the end of this topic, I'll provide you with some steps to keep you more secure.
     
  15. 2011/03/23
    macpez

    macpez Inactive Thread Starter

    Here is the OTL report part 1. Thanks again for your time.
    (The report text is too large for one post)

    OTL report
    -----------------

    PART1 OTL report
    ===============
    OTL logfile created on: 3/22/2011 1:06:05 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Terry\My Documents\Updates and new software\updated programs
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 371.00 Mb Available Physical Memory | 36.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 7.59 Gb Free Space | 20.39% Space Free | Partition Type: NTFS
    Drive G: | 111.79 Gb Total Space | 22.72 Gb Free Space | 20.33% Space Free | Partition Type: NTFS

    Computer Name: D2DW9021 | User Name: Mary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/21 22:01:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\My Documents\Updates and new software\updated programs\OTL.exe
    PRC - [2011/02/18 15:05:46 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/19 16:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2008/07/09 16:13:20 | 000,868,864 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    PRC - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    PRC - [2008/01/17 12:42:02 | 000,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
    PRC - [2007/03/28 18:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    PRC - [2006/06/14 13:48:42 | 000,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    PRC - [2006/02/02 08:12:30 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
    PRC - [2005/10/19 13:54:14 | 000,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
    PRC - [2005/01/02 19:45:39 | 000,331,776 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
    PRC - [2004/10/27 16:10:36 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    PRC - [2004/07/21 12:24:03 | 000,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2003/12/11 06:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
    PRC - [2003/11/12 14:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
    PRC - [2003/08/09 21:14:53 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
    PRC - [2002/09/24 17:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
    PRC - [2002/09/24 17:39:24 | 000,147,456 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    PRC - [2002/09/04 15:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
    PRC - [2002/08/14 06:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    PRC - [2002/08/14 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
    PRC - [2002/08/13 15:30:57 | 000,086,016 | ---- | M] (Iomega) -- C:\Program Files\Iomega\DriveIcons\Imgicon.exe
    PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    PRC - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TaskSwitch.exe
    PRC - [2002/03/14 09:41:48 | 000,049,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\BJCard\Bjmcmng.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/21 22:01:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\My Documents\Updates and new software\updated programs\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2004/12/20 10:57:16 | 000,198,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\ASOEHOOK.DLL
    MOD - [2003/10/03 14:21:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\framedyn.dll
    MOD - [2002/08/06 14:01:54 | 000,286,720 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\DriveIcons\Imghook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (aawservice)
    SRV - [2009/02/19 16:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2009/02/19 16:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/07/09 16:13:20 | 000,868,864 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2)
    SRV - [2008/01/17 12:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2008/01/17 12:42:04 | 000,079,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2008/01/17 12:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/03/28 18:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006/06/14 13:48:42 | 000,235,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
    SRV - [2006/06/05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2005/10/19 13:55:00 | 000,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)
    SRV - [2005/10/19 13:54:14 | 000,177,264 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
    SRV - [2005/04/18 19:49:24 | 000,083,584 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
    SRV - [2005/03/07 14:59:36 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)
    SRV - [2004/10/27 16:10:36 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
    SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
    SRV - [2004/07/21 12:24:03 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2003/12/11 06:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc)
    SRV - [2003/11/12 14:46:34 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
    SRV - [2003/11/12 14:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
    SRV - [2002/09/24 17:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
    SRV - [2002/09/04 15:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
    SRV - [2002/08/14 06:03:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
    SRV - [2002/08/14 06:00:00 | 000,172,065 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE -- (Speed Disk service)
    SRV - [2002/03/14 09:41:48 | 000,049,152 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\BJCard\Bjmcmng.exe -- (Bjmcmng)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/22 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110316.007\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/22 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110316.007\NAVENG.SYS -- (NAVENG)
    DRV - [2010/09/15 14:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20110316.001\SymIDSCo.sys -- (SYMIDSCO)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/07/04 11:22:36 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2008/07/04 11:22:36 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2007/03/28 18:41:26 | 000,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/03/28 18:41:24 | 000,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/03/28 18:41:20 | 000,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2007/03/28 18:41:18 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2007/03/28 18:41:14 | 000,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2007/03/28 18:41:12 | 000,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2006/09/15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/05/29 09:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcd.sys -- (Nokia USB Phone Parent)
    DRV - [2006/05/29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcj.sys -- (Nokia USB Port)
    DRV - [2006/05/29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcm.sys -- (Nokia USB Modem)
    DRV - [2006/05/29 09:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdc.sys -- (Nokia USB Generic)
    DRV - [2005/09/20 12:22:37 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hpfxbulk.sys -- (HPFXBULK)
    DRV - [2005/03/07 14:59:50 | 000,050,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
    DRV - [2005/03/07 14:59:44 | 000,338,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
    DRV - [2004/10/27 18:46:23 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/07/21 12:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2004/03/04 17:24:12 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2003/08/09 21:14:55 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2003/08/09 21:14:55 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2003/08/09 21:14:55 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2003/08/09 21:14:55 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2003/08/09 21:14:55 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/09/04 15:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
    DRV - [2002/08/14 06:03:00 | 000,034,578 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NPDRIVER.SYS -- (NPDriver)
    DRV - [2002/05/16 19:36:44 | 001,078,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
    DRV - [2002/01/31 04:58:18 | 000,069,920 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slz1unic.sys -- (slz1unic) SL Series (WDM)
    DRV - [2002/01/31 04:58:18 | 000,017,808 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\slz1nd5.sys -- (slz1nd5) SL Series (NDIS)
    DRV - [2002/01/24 06:45:37 | 000,015,399 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\netmotcm.sys -- (ndiscm)
    DRV - [2001/09/03 18:14:38 | 000,025,454 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139)
    DRV - [2001/08/17 14:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
    DRV - [2001/08/17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
    DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [2001/02/28 11:42:44 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)
    DRV - [2001/01/07 21:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbbc.sys -- (Wdm1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;http://localhost

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;http://localhost

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\PANELS\BLANK.HTM
    IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/
    IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;http://localhost;*.local



    O1 HOSTS File: ([2011/03/20 01:34:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..\Toolbar\WebBrowser: (no name) - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
    O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\SYSTEM32\TaskSwitch.exe ()
    O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
    O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe (HP)
    O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    O4 - HKU\S-1-5-21-357464061-97400744-4212676017-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-357464061-97400744-4212676017-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Mary\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: E-&mail Page - C:\WINDOWS\Web\Mailto_URL.HTM ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Program Files\Microsoft Office\Office\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
    O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: adobe.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: clubcoach.net ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: msn.com ([my] https in Trusted sites)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: peapod.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: rockymountainhpc.com ([www] http in Local intranet)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: rockymountainhpc.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: symantec.com ([www] https in Trusted sites)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} http://download.richfx.com/player/mediaversion/005/latest/twophase.cab (RFXPlayer Class)
    O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} http://office.microsoft.com/productupdates/content/opuc/opuc.cab (OPUCatalog Class)
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} http://69.43.133.73/plugin/axversion/1410/printquick1410.cab (printQuick Browser Add In (Ver4))
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129342033015 (MUWebControl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (Webshots Photo Uploader)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.dll (ActiveDataInfo Class)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: symsupportutil https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/05/18 19:15:33 | 000,000,120 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\...com [@ = ComFile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\Dvc.dll (Adaptec)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
     
  16. 2011/03/23
    macpez

    PART 2 OTL report
    ================================================

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/20 00:54:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/20 00:48:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/20 00:48:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/20 00:48:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/20 00:48:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/20 00:42:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/20 00:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/17 09:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Application Data\SUPERAntiSpyware.com
    [2011/03/17 09:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/03/17 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/03/17 09:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/03/12 03:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/02/22 02:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2011/02/22 02:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/02/22 02:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/02/22 01:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/02/20 17:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Application Data\IObit

    ========== Files - Modified Within 30 Days ==========

    [2011/03/22 01:21:47 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
    [2011/03/22 01:21:38 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
    [2011/03/22 00:27:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/22 00:00:03 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
    [2011/03/21 19:54:11 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/21 19:53:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/03/21 19:53:18 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/20 01:34:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2011/03/20 00:54:46 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2011/03/17 09:34:42 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER AntiSpyware.lnk
    [2011/03/17 02:05:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2011/03/15 00:44:03 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2011/03/15 00:44:02 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2011/03/12 15:23:18 | 000,432,360 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110317-132315.backup
    [2011/03/12 03:33:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/01 06:08:28 | 000,431,486 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110312-142317.backup
    [2011/02/25 23:57:46 | 000,000,439 | ---- | M] () -- C:\WINDOWS\Adobereg.db
    [2011/02/22 02:24:40 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/02/22 00:30:54 | 000,400,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2011/03/20 00:54:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/03/20 00:54:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/20 00:48:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/20 00:48:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/20 00:48:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/20 00:48:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/20 00:48:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/17 09:34:42 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER AntiSpyware.lnk
    [2011/02/22 02:24:40 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/12/31 03:22:50 | 003,566,434 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
    [2010/12/31 03:22:50 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4Tools.dll
    [2010/12/31 03:22:50 | 000,042,108 | ---- | C] () -- C:\WINDOWS\System32\fun_avutil.dll
    [2010/12/31 03:22:49 | 000,827,392 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4System.dll
    [2010/12/31 03:22:49 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4DSF.dll
    [2010/12/31 03:22:48 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\AMR.dll
    [2010/12/31 03:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EvrcDecDll.dll
    [2010/12/31 03:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\AMRDSF.dll
    [2009/01/25 23:20:02 | 000,021,931 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\Tab Separated Values (Windows).ADR
    [2008/10/26 21:56:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2008/03/07 21:25:52 | 000,005,793 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\NMM-MetaData.db
    [2008/02/22 21:59:20 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins002.exe
    [2008/02/22 21:59:20 | 000,002,542 | ---- | C] () -- C:\WINDOWS\unins002.dat
    [2007/06/04 20:06:11 | 000,003,590 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2007/06/04 20:05:29 | 000,003,365 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
    [2007/06/04 20:04:35 | 000,000,350 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp AMG License.dat
    [2007/06/04 20:02:27 | 000,002,976 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
    [2007/06/04 20:02:19 | 000,002,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
    [2007/06/04 20:02:12 | 000,003,087 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
    [2007/06/04 20:02:04 | 000,003,076 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
    [2007/06/04 20:01:56 | 000,002,920 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    [2007/06/04 20:01:44 | 000,003,494 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
    [2007/06/04 20:01:40 | 000,002,814 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
    [2007/06/04 20:01:36 | 000,014,189 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2007/05/24 19:47:51 | 001,057,656 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2007/04/02 19:05:23 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Readiris.ini
    [2007/04/01 19:45:56 | 000,000,599 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2007/04/01 19:45:43 | 000,001,484 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2007/04/01 19:45:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
    [2007/04/01 19:45:16 | 000,000,508 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DAT
    [2007/04/01 19:40:03 | 000,053,683 | ---- | C] () -- C:\WINDOWS\hppins02.dat
    [2007/04/01 19:40:03 | 000,002,037 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
    [2007/03/11 13:03:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2007/01/19 22:56:59 | 000,000,159 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
    [2007/01/05 21:07:33 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/16 21:35:15 | 000,059,056 | ---- | C] () -- C:\WINDOWS\System32\WebIQEngineSetup.exe
    [2006/08/31 12:46:13 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2006/07/05 19:22:54 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_clipboardhelpandspell_InstallInfo.dat
    [2006/07/05 19:22:54 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Mary\Local Settings\Application Data\DonationCoder_clipboardhelpandspell_InstallInfo.dat
    [2006/07/03 22:07:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
    [2006/07/02 21:22:50 | 000,000,558 | ---- | C] () -- C:\WINDOWS\roughdraft.INI
    [2006/07/01 21:21:39 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/06/21 12:57:51 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
    [2006/06/21 12:57:51 | 000,003,953 | R--- | C] () -- C:\WINDOWS\System32\coinst.dll
    [2005/12/07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2005/06/23 20:22:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/02/20 19:19:02 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
    [2005/02/20 18:39:31 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
    [2005/01/01 20:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2004/12/05 18:34:53 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mary\Local Settings\Application Data\fusioncache.dat
    [2004/10/27 20:50:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
    [2004/10/27 20:01:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
    [2004/10/27 20:01:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2004/10/27 20:01:09 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2004/10/27 15:57:36 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{B62942EB-DD46-461A-A2E0-E8BE1B965A2D}.dat
    [2004/10/27 15:57:36 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{93E59561-4175-41D1-B3E1-0309B8EAC12C}.dat
    [2004/10/27 15:57:06 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{6B38199F-6084-4037-8224-F9BB41AB958F}.dat
    [2004/10/27 15:57:06 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{68EEAFBB-F38C-491F-9B82-4A6E52F16394}.dat
    [2004/10/27 15:54:48 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{9AC4CF7A-4B3D-40A2-AF42-EBF9EBFC3B00}.dat
    [2004/10/27 15:54:48 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{33DB84B9-C15A-4CEF-8075-BDB69F939BFE}.dat
    [2004/10/27 15:52:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{823B25B0-B9CB-4782-9818-F2F63DAEECDE}.dat
    [2004/10/27 15:52:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{587FD2BE-CC38-4839-8191-9C6B3DEB7A38}.dat
    [2004/10/27 15:52:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{56F8E066-79F5-4B60-A67D-C47B2E45E4D2}.dat
    [2004/10/27 15:52:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{48310F95-D4CB-4530-B184-C09BF124CB68}.dat
    [2004/10/27 15:52:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{35DCBD26-E9A6-4281-8251-45AF62CDA7AC}.dat
    [2004/10/27 15:52:50 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{0027B6D1-3F13-47B3-B3D7-0F515F98B9A9}.dat
    [2004/10/01 20:21:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
    [2004/08/21 05:36:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AnimWnd.dll
    [2004/07/23 21:58:52 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\ntl.ini
    [2004/07/23 21:36:45 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\ntl.nws
    [2004/07/05 19:47:53 | 000,008,085 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2004/05/30 12:25:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/05/30 11:49:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2004/05/15 21:11:44 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
    [2004/05/15 20:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2004/05/15 20:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2004/05/09 22:02:12 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\MstartSound.dll
    [2004/05/09 22:02:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\MstartScreen.dll
    [2004/05/09 22:02:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\MshutSound.dll
    [2004/05/09 22:02:10 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\MshutScreen.dll
    [2004/02/07 13:58:38 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2004/02/07 13:58:37 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
    [2004/02/07 13:58:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2004/01/31 01:22:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
    [2003/12/13 19:48:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\mrddll.dat
    [2003/12/07 19:19:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2003/11/16 17:34:10 | 000,700,416 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
    [2003/10/07 21:07:46 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\cntp.ini
    [2003/10/07 20:17:28 | 000,002,229 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\cntp.nws
    [2003/10/06 22:18:19 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\ntp.ini
    [2003/10/06 21:58:45 | 000,001,303 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\ntp.nws
    [2003/09/06 20:04:45 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\Dtwain32.dll
    [2003/06/20 21:36:52 | 000,000,204 | ---- | C] () -- C:\WINDOWS\IPMonitor.ini
    [2003/06/17 06:25:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
    [2003/06/17 06:25:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2003/05/19 21:40:06 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\IrrShape.dll
    [2003/05/17 22:38:46 | 000,024,283 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\Comma Separated Values (Windows).ADR
    [2003/04/28 19:53:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\unVV3320.dll
    [2003/04/28 15:28:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
    [2003/04/28 15:28:27 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2003/04/28 15:28:27 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2003/04/16 19:32:59 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/04/09 18:43:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/04/06 20:59:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
    [2003/04/06 20:53:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS43.DLL
    [2003/04/06 20:50:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP43.EXE
    [2003/03/22 19:06:48 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\WETSTD32.DLL
    [2003/03/22 19:06:45 | 001,204,224 | ---- | C] () -- C:\WINDOWS\System32\DTENGINE.DLL
    [2003/02/22 22:48:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
    [2003/02/17 18:51:37 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2003/02/09 21:15:17 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Mary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2002/12/28 19:45:39 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Msapppio33.dll
    [2002/12/17 20:44:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
    [2002/12/14 20:31:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\PhotoJam3.ini
    [2002/12/13 21:21:01 | 000,000,788 | ---- | C] () -- C:\WINDOWS\unins001.dat
    [2002/12/13 21:20:31 | 000,000,788 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2002/12/10 21:49:27 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\InetIPLM6.dll
    [2002/12/10 21:49:27 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\InetIPLP6.dll
    [2002/12/10 21:49:27 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\InetIPLPX.dll
    [2002/12/10 21:49:27 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\InetIPLM5.dll
    [2002/12/10 21:49:27 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\InetIPLP5.dll
    [2002/12/10 21:49:26 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\InetIPLA6.dll
    [2002/12/10 21:49:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\InetIPL.dll
    [2002/12/10 21:49:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2002/12/10 21:48:51 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PhotoMontage.ini
    [2002/12/10 21:48:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PhotoFantasy.ini
    [2002/12/10 21:47:45 | 000,000,087 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2002/12/10 21:47:34 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2002/11/18 22:44:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\dm.ini
    [2002/11/13 12:06:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/11/10 19:27:05 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\PFP100JPR.{PB
    [2002/11/10 19:27:05 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\PFP100JCM.{PB
    [2002/11/10 18:42:50 | 000,002,075 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2002/11/10 12:47:23 | 000,000,418 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2002/10/21 12:14:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2002/10/21 12:05:53 | 000,001,060 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2002/10/21 12:05:51 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
    [2002/10/21 12:05:51 | 000,000,844 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2002/10/21 12:04:23 | 000,000,318 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
    [2002/10/21 12:04:23 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
    [2002/10/21 12:04:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2002/10/21 12:04:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
    [2002/10/21 11:58:28 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/10/21 11:52:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2002/10/21 11:52:04 | 000,441,454 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2002/10/21 11:52:04 | 000,071,264 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2002/10/21 11:39:24 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/06/25 08:17:54 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini
    [2002/04/30 16:00:00 | 000,000,321 | ---- | C] () -- C:\WINDOWS\LProL.ini
    [2002/03/19 19:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
    [2002/03/19 18:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
    [2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
    [2002/03/19 17:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
    [2001/08/31 11:55:56 | 000,400,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2001/08/31 11:50:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/08/31 11:47:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2001/08/23 16:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 16:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
    [2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
    [2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
    [2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
    [2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
    [2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2001/08/02 12:56:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\MMKeybd.dll
    [2001/03/29 02:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
    [2000/12/13 19:22:24 | 000,100,432 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe
    [1999/08/31 15:15:02 | 000,066,848 | ---- | C] () -- C:\WINDOWS\filter.exe
    [1999/08/12 01:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
    [1999/08/12 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1997/06/18 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1980/01/01 01:00:00 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys

    ========== LOP Check ==========


    [2002/10/21 12:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2008/03/07 20:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2005/07/11 21:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
    [2008/03/07 20:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2004/02/18 15:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/06/25 01:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
    [2009/12/26 16:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
    [2002/12/14 20:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shockwave.com
    [2011/03/17 13:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/01/12 20:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
    [2010/10/21 22:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/05/03 21:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2003/12/08 22:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\3M
    [2005/02/11 23:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Active Disk
    [2002/11/19 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Aladdin Systems
    [2008/03/07 21:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Datalayer
    [2007/06/04 20:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\dBpoweramp
    [2010/11/09 04:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\FreeVideoConverter
    [2007/05/12 19:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\GetRightToGo
    [2011/02/20 17:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\IObit
    [2004/05/30 11:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Leadertech
    [2005/05/20 19:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\MSN Search Toolbar
    [2004/05/05 18:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\MyPrivacy
    [2010/12/04 00:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Nokia
    [2009/02/05 22:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Nokia Multimedia Player
    [2009/02/05 22:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\PC Suite
    [2010/06/25 01:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\r2 Studios
    [2002/12/14 20:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\shockwave.com
    [2003/07/03 21:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\The Labyrinth Plus! Edition
    [2004/02/28 23:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\WebCompiler2
    [2006/04/01 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\XnView
    [2003/01/11 22:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Active Disk
    [2005/10/01 15:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\MSN Search Toolbar

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/02 21:32:47 | 000,043,883 | ---- | M] () -- C:\aaw7boot.log
    [2003/05/18 19:15:33 | 000,000,120 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/02/12 16:30:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/20 00:54:46 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2001/08/31 11:29:14 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/20 02:23:08 | 000,017,300 | ---- | M] () -- C:\ComboFix.txt
    [2001/08/31 11:50:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/02/19 22:50:20 | 000,000,000 | ---- | M] () -- C:\conmgr.log
    [2005/01/16 13:25:53 | 000,009,117 | ---- | M] () -- C:\Ctp.log
    [2002/10/21 11:43:22 | 000,004,986 | RH-- | M] () -- C:\DELL.SDR
    [2010/09/16 22:08:46 | 000,075,228 | ---- | M] () -- C:\devicetable.log
    [2011/03/21 19:53:18 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
    [2001/08/31 11:50:52 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2002/10/21 12:08:02 | 000,000,319 | -H-- | M] () -- C:\IPH.PH
    [2003/05/18 19:30:30 | 000,000,113 | ---- | M] () -- C:\log.txt
    [2001/08/31 11:50:52 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2002/01/05 04:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
    [2006/07/01 21:41:05 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/02/27 23:18:00 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2011/03/21 19:53:14 | 1608,228,864 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/21 00:57:58 | 000,000,471 | ---- | M] () -- C:\rkill.log
    [2011/03/15 04:07:00 | 000,059,082 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_15.03.2011_03.55.39_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2001/08/31 11:50:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2002/02/12 01:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD43.DLL
    [2002/02/12 01:00:00 | 000,043,008 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP43.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    [2005/09/16 20:48:52 | 000,066,048 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\HPZPP3Y0.DLL
    [2002/06/25 08:17:56 | 000,079,872 | ---- | M] (Lexmark International) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\LXBBPP5C.DLL
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe
    [2002/05/14 16:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\wfxprint2000.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/06/04 22:39:00 | 000,001,826 | -H-- | M] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2000/12/12 12:17:40 | 000,100,432 | ---- | M] () -- C:\Program Files\Win2000PPAHotfix.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2001/08/31 11:38:54 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2001/08/31 11:38:54 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2001/08/31 11:38:54 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/02/27 23:27:59 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/07/01 22:55:39 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
    [2002/11/13 12:19:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >
    [2006/07/02 18:15:02 | 000,439,296 | ---- | M] (Citrix Online) -- C:\WINDOWS\JAVA\remote.exe

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/07/01 22:55:39 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Mary\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/02/04 14:38:03 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Mary\Cookies\desktop.ini
    [2011/03/22 01:02:48 | 000,753,664 | ---- | M] () -- C:\Documents and Settings\Mary\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2002/02/12 18:52:30 | 000,024,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\migrate.dll
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2002/02/12 18:52:28 | 000,004,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsmigr.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/29 06:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2003/03/21 19:51:56 | 000,007,680 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [2000/09/11 08:00:00 | 000,009,597 | ---- | M] () -- C:\WINDOWS\SYSTEM\RDB16.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >
     
  17. 2011/03/23
    macpez

    Extras report
    -----------------
    OTL Extras logfile created on: 3/22/2011 1:06:05 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Terry\My Documents\Updates and new software\updated programs
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 371.00 Mb Available Physical Memory | 36.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 7.59 Gb Free Space | 20.39% Space Free | Partition Type: NTFS
    Drive G: | 111.79 Gb Total Space | 22.72 Gb Free Space | 20.33% Space Free | Partition Type: NTFS

    Computer Name: D2DW9021 | User Name: Mary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

    [HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .hta [@ = htafile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- "C:\Program Files\JGsoft\EditPadLite\EditPad.exe" "%1" (JGsoft - Just Great Software)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
    "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
    "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
    "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
    "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
    "7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7288
    "7289:TCP" = 7289:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7289
    "7290:TCP" = 7290:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7290
    "7291:TCP" = 7291:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7291
    "7292:TCP" = 7292:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7292
    "7293:TCP" = 7293:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7293
    "7294:TCP" = 7294:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7294
    "7295:TCP" = 7295:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7295
    "7296:TCP" = 7296:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7296
    "7297:TCP" = 7297:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7297

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{01ADCC5D-45B4-45E4-AC5C-C06E044B16DF}" = hppIOFiles
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
    "{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
    "{0EF45FEA-E3C1-4660-854A-810C1BA169E2}" = hppLJ3390
    "{1126EA35-9A55-4152-AA35-29865470F172}" = Memory Card Utility
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
    "{173D5E9E-8ABC-4EB2-B371-18AF8812A91D}" = hppFaxUtility
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
    "{2304F821-BA4F-4f0c-B971-C5A1ADC919AB}" = Windows XP Valentine Screen Saver
    "{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
    "{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}" = Windows XP Winter Fun Pack Screensavers
    "{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
    "{2BAC066E-F2E9-11D2-A171-00C04F6C9FA4}" = Microsoft Office HTML Filter 2.0
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
    "{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
    "{347D1603-FA83-4B2C-B504-8BC1FF59DB50}" = Digital Photography Winter Fun Pack
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
    "{41915CC3-BD28-43C3-9C94-1A7548DEF582}" = StuffIt Standard Edition 7.5
    "{43C3D832-AC96-463A-2003-1B8D1BFA252F}" = Norton SystemWorks 2003
    "{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
    "{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
    "{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
    "{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
    "{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
    "{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
    "{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
    "{4D82392D-AF90-4159-9A14-887BBC835191}" = hpp3390usg
    "{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.6.2
    "{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
    "{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}" = Windows Media Player 9 Series Winter Fun Pack
    "{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{62D416D9-C992-40DE-8A37-2EA9A55F44A9}" = Aladdin Expander 5.1
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{663D8AAF-CB71-4056-8C60-1D85BC576C6E}" = hppTooCool
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69A83D99-D41B-4396-BCC4-3DCB77DFFED0}" = WebIQ Technology Engine
    "{6AF90EF6-F7F9-466C-99F4-1774826FBB40}" = Symantec Network Driver Update
    "{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
    "{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{79353B3C-D3CA-4C43-A4E7-BD6D1FB6F4B1}" = mobilePDR
    "{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
    "{7A4CFCAC-68DC-4A56-AFCB-DA236E8B363F}_is1" = Angel Writer 3.1
    "{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}" = Polaroid Dust and Scratch Removal v1.0.0.15.2e
    "{7C2B745A-E7F1-41F1-B9BB-3DDB8D52E4CE}" = Readiris Pro 11
    "{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program
    "{8315D4B0-9BF2-4D63-8654-74B89D288D6E}" = Norton Password Manager
    "{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
    "{8B677453-F9D2-4387-B030-E669B28B8A08}" = hppToolBoxFX
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
    "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
    "{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
    "{98FD8BB5-59A9-4163-883C-2997F7BB59D9}" = Microsoft Video Screensaver
    "{993CD8D4-AED6-45E2-8AA5-D7DFAA60DE6F}" = hppScanTo
    "{A0B42136-C813-4FB4-84A1-C41E6F12410B}" = hppSendFax
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5A93185-26A8-4F02-B021-D6E6A4396441}" = hppManuals3390
    "{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
    "{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.01
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B2586CA8-0F12-11D3-8258-00C04F6843FE}" = Microsoft Office 2000 Web Archive Add-On
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C21440-3251-40B1-BB74-9C50C6890D89}" = Intellisync for SL
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
    "{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
    "{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
    "{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
    "{D5E31EEE-CD8A-4E01-87F1-119C4A3201FD}" = hppscan3390
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
    "{DA187171-D434-4601-8959-478DE5BD6255}" = Nokia MTP driver
    "{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DB7F1657-6164-40AE-8A94-8F785C0C3E3F}" = hppFaxDrv3390
    "{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
    "{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
    "{E38D4B55-212A-4016-BE7E-ED3A6153CBEA}" = NPM_DRM_COLLECTION
    "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
    "{E94E150C-762B-4cd1-8A54-7228A07C0710}" = HP LaserJet 3050/3052/3055/3390/3392 2.0
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
    "{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
    "{F2270CE2-0373-4D39-8783-2F1542B7D310}" = hpzTLBXFX
    "{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
    "{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
    "{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
    "{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
    "{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
    "{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
    "3D Windows XP" = 3D Windows XP Screen Saver
    "Active Disk" = Active Disk
    "Adobe Dimensions 3.0" = Adobe Dimensions 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe PDF IFilter 6.0" = Adobe PDF IFilter 6.0
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe Streamline 4.0" = Adobe Streamline 4.0
    "AdobeESD" = Adobe Download Manager (Remove Only)
    "Agent Ransack_is1" = Agent Ransack Version 1.7.3
    "Amazing Windows XP Screen Saver_is1" = Amazing Windows XP Screen Saver 1.2
    "AM-DeadLink" = AM-DeadLink
    "AmericanFlag" = American Flag Screen Saver
    "AnarkClient" = Anark Client 1.0
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "BHODemon_is1" = BHODemon 2.0.0.18
    "Browser Hijack Blaster_is1" = Browser Hijack Blaster v1.0
    "Cakewalk Pyro 5" = Cakewalk Pyro 5
    "CANONBJ_Deinstall_CNMCP43.DLL" = Canon S530D
    "dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
    "dBpoweramp AMG License" = dBpoweramp AMG License
    "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
    "dBpoweramp m4a Codec" = dBpoweramp m4a Codec
    "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
    "dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
    "dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
    "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
    "dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
    "DHE The Fast WEB Editor_is1" = DHE Editor 1.7 Basic
    "Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
    "EditPad Lite" = JGsoft EditPad Lite 5.4.6
    "e-Life Pal" = e-Life Pal
    "ePocrates ePocrates software for PalmOS" = Epocrates Epocrates software for PalmOS
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileZilla" = FileZilla (remove only)
    "FLV Player" = FLV Player 2.0 (build 25)
    "Free FLV Converter_is1" = Free FLV Converter V 5.8
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.3
    "Free Video Converter_is1" = Free Video Converter V 2.8
    "Gif Vault" = Gif Vault
    "Greeting Card Creator 32" = Greeting Card Creator 32
    "Holiday Snowflakes Screen Saver_is1" = Holiday Snowflakes Screen Saver 1.2
    "hp instant support" = hp instant support
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
    "InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
    "InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
    "InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
    "InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
    "IomegaWare" = IomegaWare 4.0.2
    "IrfanView" = IrfanView (remove only)
    "LabelCreator Pro" = LabelCreator Pro
    "Lexmark X74-X75" = Lexmark X74-X75
    "LiveReg" = LiveReg (Symantec Corporation)
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSTrueTypeProperties" = Microsoft OpenType Font Properties Extension (Remove Only)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Norton CleanSweep" = Norton CleanSweep
    "Norton Speed Disk" = Norton Speed Disk 7.0 for Windows NT
    "Norton Utilities" = Norton Utilities 2003 for Windows
    "NoteTab Light_is1" = NoteTab Light (Remove only)
    "NoteTab Pro_is1" = NoteTab Pro (Remove only)
    "Optimum Online net guide" = Optimum Online net guide
    "PDF reDirect" = PDF reDirect (remove only)
    "PhotoJam 3" = PhotoJam 3
    "Picasa2" = Picasa 2
    "PrimoPDF3.0" = PrimoPDF
    "PSN" = Post-it® Software Notes Lite
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "PVR HD Series" = PVR HD Series
    "Q903235" = Internet Explorer Q903235
    "RealPlayer 6.0" = RealPlayer
    "Registry First Aid_is1" = Registry First Aid
    "Revo Uninstaller" = Revo Uninstaller 1.88
    "RoughDraft" = RoughDraft 3.0
    "Screen Saver Magic- Deluxe Edition 6.0" = Screen Saver Magic- Deluxe Edition 6.0
    "Shockwave" = Shockwave
    "Shortcuts Map 2" = Shortcuts Map 2.2 (remove only)
    "Simple Family Tree" = Simple Family Tree (remove only)
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "Startup Delayer" = Startup Delayer v2.5 (build 138)
    "SymSetup.{8315D4B0-9BF2-4D63-8654-74B89D288D6E}" = Norton Password Manager (Symantec Corporation)
    "SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
    "TreeSize_is1" = TreeSize 1.7
    "TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordWeb" = WordWeb
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "X-Fonter_is1" = X-Fonter 4.0
    "XnView_is1" = XnView 1.80.3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Pixie" = Pixie 3.1 (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/13/2011 4:45:54 AM | Computer Name = D2DW9021 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    unknown, version 0.0.0.0, fault address 0x3ff54578.

    Error - 3/15/2011 3:36:58 AM | Computer Name = D2DW9021 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    unknown, version 0.0.0.0, fault address 0x3ff54578.

    Error - 3/17/2011 9:26:02 AM | Computer Name = D2DW9021 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    unknown, version 0.0.0.0, fault address 0x3ff54578.

    Error - 3/18/2011 1:06:19 PM | Computer Name = D2DW9021 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    unknown, version 0.0.0.0, fault address 0x3ff54578.

    Error - 3/19/2011 8:16:05 PM | Computer Name = D2DW9021 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    unknown, version 0.0.0.0, fault address 0x3ff54578.

    Error - 3/20/2011 12:58:54 AM | Computer Name = D2DW9021 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 3/20/2011 12:58:54 AM | Computer Name = D2DW9021 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 3/20/2011 12:58:54 AM | Computer Name = D2DW9021 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 3/21/2011 12:35:10 AM | Computer Name = D2DW9021 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    unknown, version 0.0.0.0, fault address 0x3ff54578.

    Error - 3/22/2011 12:57:16 AM | Computer Name = D2DW9021 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    unknown, version 0.0.0.0, fault address 0x3ff54578.

    [ System Events ]
    Error - 3/20/2011 10:50:51 PM | Computer Name = D2DW9021 | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {138C5C9A-E6DD-4BE9-AD7A-78DD3659F729}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.

    Error - 3/20/2011 10:54:50 PM | Computer Name = D2DW9021 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    Error - 3/20/2011 10:55:25 PM | Computer Name = D2DW9021 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    Error - 3/21/2011 1:11:48 AM | Computer Name = D2DW9021 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    Error - 3/21/2011 1:12:19 AM | Computer Name = D2DW9021 | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {138C5C9A-E6DD-4BE9-AD7A-78DD3659F729}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.

    Error - 3/21/2011 1:17:27 AM | Computer Name = D2DW9021 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    Error - 3/21/2011 8:01:34 PM | Computer Name = D2DW9021 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    Error - 3/21/2011 8:02:24 PM | Computer Name = D2DW9021 | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {138C5C9A-E6DD-4BE9-AD7A-78DD3659F729}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.

    Error - 3/21/2011 8:08:03 PM | Computer Name = D2DW9021 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    Error - 3/21/2011 8:08:38 PM | Computer Name = D2DW9021 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    < End of report >
     
  18. 2011/03/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (aawservice)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;http://localhost
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;http://localhost
      IE - HKU\S-1-5-21-357464061-97400744-4212676017-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = 127.0.0.1;dynhost.inetcam.com;register.inetcam.com;http://localhost;*.local
      IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
      IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
      IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
      IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O3 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..\Toolbar\WebBrowser: (no name) - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - Reg Error: Value error. File not found
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: ([]msn in My Computer)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: adobe.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: clubcoach.net ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: msn.com ([my] https in Trusted sites)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: peapod.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: rockymountainhpc.com ([www] http in Local intranet)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: rockymountainhpc.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-357464061-97400744-4212676017-1006\..Trusted Domains: symantec.com ([www] https in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/tech...ActiveData.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: symsupportutil https://www-secure.symantec.com/tech...upportutil.CAB (Reg Error: Key error.)
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. 2011/03/26
    macpez

    macpez Inactive Thread Starter

    Joined:
    2004/02/20
    Messages:
    47
    Likes Received:
    0
    Thanks again for sharing your time and knowledge.

    Attached are the requested scans: OTL, Checkup, ESET.

    Note: I had a problem updating Java so I removed it and installed the latest version.

    While my computer is working better, it still takes a long time to startup: 21 minutes from initial startup until the processing light stops and I can open programs. It used to take only a few minutes, five at most. Also, it took 17 minutes for the Add/Remove program list to be "populated" after the control panel was opened. I had to turn off the automatic Antivirus scan for Microsoft Word because it took so long. Once the computer finishes "communicating/processing" everything seems to work fine.

    Consequently, I decided to re-run two of the programs you suggested after the other scans were done: MalwareBytes and SuperAntispyware. I have posted the results of the two additional scans that show more infected files were removed. Specifically, two infected Registry Data Items and a Trojan file were found and removed. The same infected Registry Data items were also removed on the first scan.

    This leads me to believe that my Norton Internet Security 2005 is not protecting my computer adequately. Prior to you giving me repair instructions, I had run Norton Antivirus and Spybot Search & Destroy and nothing was found.

    Question: Would a newer version of Norton Internet Security provide better protection or just more "bells and whistles"?

    Also, I thought of another possibility for my problem:
    Have Microsoft and other security applications "loaded down" their programs with so many security files that my ten-year-old computer is just overburdened?

    Anyway, I look forward to your comments and suggestions. Thanks again.
    =========================================
    All processes killed
    ========== OTL ==========
    Service aawservice stopped successfully!
    Service aawservice deleted successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-357464061-97400744-4212676017-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!
    HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry value HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clubcoach.net\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\my\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\peapod.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rockymountainhpc.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rockymountainhpc.com\www\ not found.
    Registry key HKEY_USERS\S-1-5-21-357464061-97400744-4212676017-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\symantec.com\www\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}\ not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java Reg Error: Value error.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
    Starting removal of ActiveX control symsupportutil
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\symsupportutil\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\symsupportutil\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\symsupportutil\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: Mary
    ->Temp folder emptied: 11774438 bytes
    ->Temporary Internet Files folder emptied: 491922 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 3340 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Terry
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 23078 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Mary
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    User: Terry

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03242011_033705

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    =======================================

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    Norton AntiVirus 2005
    Norton Internet Security 2005 (Symantec Corporation)
    Norton Internet Security
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.2.6
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton Internet Security Norton AntiVirus navapsvc.exe
    ``````````End of Log````````````

    =========================================

    ESET online scan

    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP1749\A0291499.exe probably a variant of Win32/Spy.Agent.FGUGTOG trojan

    =========================================

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6170

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/25/2011 2:21:19 PM
    mbam-log-2011-03-25 (14-21-18).txt

    Scan type: Quick scan
    Objects scanned: 183307
    Time elapsed: 40 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    =========================================

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/25/2011 at 05:22 PM

    Application Version : 4.50.1002

    Core Rules Database Version : 6675
    Trace Rules Database Version: 4487

    Scan type : Quick Scan
    Total Scan Time : 02:05:52

    Memory items scanned : 522
    Memory threats detected : 0
    Registry items scanned : 2261
    Registry threats detected : 0
    File items scanned : 13447
    File threats detected : 13

    Adware.Tracking Cookie
    C:\Documents and Settings\Mary\Cookies\mary@revsci[1].txt
    C:\Documents and Settings\Mary\Cookies\mary@collective-media[2].txt
    C:\Documents and Settings\Mary\Cookies\mary@legolas-media[2].txt
    C:\Documents and Settings\Mary\Cookies\mary@interclick[1].txt
    C:\Documents and Settings\Mary\Cookies\mary@invitemedia[2].txt
    C:\Documents and Settings\Mary\Cookies\mary@ads.bleepingcomputer[1].txt
    C:\Documents and Settings\Mary\Cookies\mary@myaccount.nytimes[1].txt
    C:\Documents and Settings\Mary\Cookies\mary@mediabrandsww[1].txt
    C:\Documents and Settings\Mary\Cookies\mary@andomedia[2].txt
    C:\Documents and Settings\Mary\Cookies\mary@insightexpressai[2].txt
    C:\Documents and Settings\Mary\Cookies\mary@ads.infinisource[2].txt
    C:\Documents and Settings\Mary\Cookies\mary@media6degrees[2].txt

    Trojan.Dropper/Gen
    C:\RECYCLER\NPROTECT\00000896.EXE

    ==================== END OF POST====================
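
The recurrence described in this post (the same two Registry Data Items flagged in both Malwarebytes scans) can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: a Python parser for the MBAM 1.x log layout shown above that reports detections appearing in more than one scan. The function names and the whole earlier scan are constructed for illustration; the later scan is excerpted from the log above.

```python
import re
from datetime import datetime

# Section header, e.g. "Registry Data Items Infected:" (the summary lines
# carry a count after the colon and are deliberately not matched).
HEADER_RE = re.compile(r"^\s*(?P<section>[A-Za-z ]+ Infected):\s*$")
# Scan timestamp line, e.g. "3/25/2011 2:21:19 PM".
STAMP_RE = re.compile(r"^\s*(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*$")
# Result line: <path> (<detection name>) -> [Bad: (x) Good: (y) ->] <action>
ITEM_RE = re.compile(
    r"^\s*(?P<path>\S.*?)\s+\((?P<name>[^()]+)\)\s+->\s+"
    r"(?:Bad:\s*\((?P<bad>[^)]*)\)\s+Good:\s*\((?P<good>[^)]*)\)\s+->\s+)?"
    r"(?P<action>.+?)\s*$"
)


def parse_mbam_log(text):
    """Return the scan time and the per-section result lines of one log."""
    when, section, items = None, None, []
    for line in text.splitlines():
        m = STAMP_RE.match(line)
        if m and when is None:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:  # ignore anything that precedes the first section
            items.append({"section": section, **m.groupdict()})
    return {"when": when, "items": items}


def recurring_detections(logs):
    """Map (lower-cased path, detection name) -> [(scan time, action), ...]
    for every item reported by more than one scan, oldest scan first."""
    seen = {}
    for log in sorted(logs, key=lambda entry: entry["when"]):
        for item in log["items"]:
            # Registry and NTFS paths are case-insensitive: normalise the key.
            key = (item["path"].lower(), item["name"])
            seen.setdefault(key, []).append((log["when"], item["action"]))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}


# Excerpt of the 3/25/2011 log posted above.
SCAN_FROM_THREAD = r"""
3/25/2011 2:21:19 PM
Registry Data Items Infected: 2
Files Infected: 0

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Constructed earlier scan (date, file path and file detection are made up).
SCAN_CONSTRUCTED = r"""
3/1/2011 9:00:00 AM
Registry Data Items Infected: 2
Files Infected: 1

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Example\sample.exe (Trojan.Example) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    scans = [parse_mbam_log(SCAN_FROM_THREAD), parse_mbam_log(SCAN_CONSTRUCTED)]
    for (path, name), hits in recurring_detections(scans).items():
        print(f"{name}: {path}")
        for when, action in hits:
            print(f"    {when:%Y-%m-%d %H:%M}  {action}")
```

An item that comes back after "Quarantined and deleted successfully" means something on the machine keeps rewriting that value, which is the lead worth following rather than the individual removal.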
     
  20. 2011/03/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    =====================================================

    Norton 2005 is a really old version, so we may consider switching to something else.

    Regarding your startup time....
    Let's try something....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In the case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE: If you use a firewall other than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
     
  21. 2011/03/30
    macpez

    macpez Inactive Thread Starter

    Joined:
    2004/02/20
    Messages:
    47
    Likes Received:
    0
    Hello. I did the startup test and below are the results.

    1) Startup with "everything" disabled as instructed: six (6) minutes to fully boot.

    2) Startup with "everything selected" (all startup items): Thirty-six (36) minutes to fully boot.

    3) Startup with "custom startup items selected" (usual items I use): 18 minutes to fully boot (processing light off/communication stopped.)

    Based on these results, I have two questions:

    1) Why would startup time go from 6 or 7 minutes to 18 minutes when no new startup items were added? (Norton Internet Security and Microsoft updates?)

    2) What startup items appear to be the problem based on the previous scans?

    3) Should I do a "process of elimination" startup test and try turning individual items off and on?

    4) And last, your recommendations on computer security in the future.

    Thanks again for your help.
     
