TechSpot

No Internet after ComboFix - WinXP

By UserError404
Dec 28, 2011
  1. Hi All,

    I am attempting to clean up someone else's mistakes here so don't yell at me =)

    Short version as I was told:

    My Aunt's computer got the Internet Security Virus. So my cousin attempted to clear it out himself. He was able to clear out the Security Virus, but it seems that pieces were left behind - Firefox was randomly opening websites throughout the day. At this point he decided to download and run ComboFix.

    After it ran, the internet connection was completely gone, and the computer was telling him that there were bad sectors on the disk and to run chkdsk. chkdsk found no bad sectors when run from the original Dell WinXP CD.

    My aunt called me up and now it's my job to fix it. I am heading there tonight to try and fix it but need some help. (2-3 hours from now)

    From what I remember, currently installed on the machine should be MalwareBytes & Microsoft Security Essentials.

    I will bring my laptop with and need to transfer logs back and forth so please be patient with my reply speed.

    Thanks
     
  2. UserError404


    Logs

    Malwarebytes' Anti-Malware 1.41
    Database version: 3166
    Windows 5.1.2600 Service Pack 3

    12/28/2011 5:43:17 PM
    mbam-log-2011-12-28 (17-43-17).txt

    Scan type: Quick Scan
    Objects scanned: 119528
    Time elapsed: 3 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-28 17:52:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.ADA
    Running: czf17fyv.exe; Driver: C:\DOCUME~1\CAROLV~1\LOCALS~1\Temp\uxtdiuow.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
    Run by Carol Verzani at 17:54:48 on 2011-12-28
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -6:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Norton Internet Security *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    c:\Program Files\tbh\base\bin\tbhDaemon.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\tbh\base\bin\tbhSystray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Documents and Settings\Carol Verzani\Application Data\Smilebox\SmileboxTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Carol Verzani\Desktop\czf17fyv.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/options&s=Pj92DVd00b-IyBK6cxpPeV9bH2M
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    uInternet Settings,ProxyOverride = cdn;*.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [SmileboxTray] "c:\documents and settings\carol verzani\application data\smilebox\SmileboxTray.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: plaxo.com\www
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LMIinit - LMIinit.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\carol verzani\application data\mozilla\firefox\profiles\fmpnwvc7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w&ind=2011112815&ptnrS=ZRxdm985YYUS&si=&n=77df256f&psa=&st=kwd&searchfor=
    FF - plugin: c:\documents and settings\carol verzani\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\carol verzani\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\carol verzani\application data\mozilla\firefox\profiles\fmpnwvc7.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\carol verzani\application data\mozilla\firefox\profiles\fmpnwvc7.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\carol verzani\application data\Move Networks
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-12-27 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-12-27 149352]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-12-27 149352]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-5 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-2-3 47640]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-13 38224]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-2 1251720]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
    S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-12-27 23888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110117.024\NAVENG.SYS [2011-1-17 86008]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110117.024\NAVEX15.SYS [2011-1-17 1360760]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-12-28 23:30:34 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{973193c9-bc4c-4271-bb30-c32cb9f9f013}\offreg.dll
    2011-12-22 02:36:06 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{973193c9-bc4c-4271-bb30-c32cb9f9f013}\mpengine.dll
    2011-12-22 01:07:56 -------- d-sha-r- C:\cmdcons
    2011-12-22 01:04:42 98816 ----a-w- c:\windows\sed.exe
    2011-12-22 01:04:42 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-22 01:04:42 256000 ----a-w- c:\windows\PEV.exe
    2011-12-22 01:04:42 208896 ----a-w- c:\windows\MBR.exe
    2011-12-08 01:03:00 -------- d-----w- c:\program files\comcast caller ID
    2011-12-08 01:02:45 -------- d-----w- c:\program files\New Folder
    .
    ==================== Find3M ====================
    .
    2011-12-08 01:00:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-10 01:23:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-10 01:23:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 17:55:20.73 ===============





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/8/2008 8:51:15 PM
    System Uptime: 12/28/2011 5:29:44 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0CU409
    Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2194/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 95.652 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1058: 9/23/2011 6:02:39 PM - Software Distribution Service 3.0
    RP1059: 9/24/2011 8:38:05 PM - Software Distribution Service 3.0
    RP1060: 9/26/2011 8:20:52 AM - Software Distribution Service 3.0
    RP1061: 9/27/2011 8:30:13 AM - Software Distribution Service 3.0
    RP1062: 9/28/2011 9:14:35 AM - Software Distribution Service 3.0
    RP1063: 9/29/2011 9:31:31 AM - System Checkpoint
    RP1064: 9/29/2011 3:16:30 PM - Software Distribution Service 3.0
    RP1065: 9/30/2011 5:13:19 PM - Software Distribution Service 3.0
    RP1066: 10/1/2011 6:09:42 PM - Software Distribution Service 3.0
    RP1067: 10/2/2011 8:58:13 PM - Software Distribution Service 3.0
    RP1068: 10/4/2011 9:27:19 PM - System Checkpoint
    RP1069: 10/4/2011 10:19:27 PM - Software Distribution Service 3.0
    RP1070: 10/6/2011 6:21:09 AM - Software Distribution Service 3.0
    RP1071: 10/6/2011 10:14:25 PM - Software Distribution Service 3.0
    RP1072: 10/7/2011 10:23:41 PM - Software Distribution Service 3.0
    RP1073: 10/8/2011 11:33:03 PM - Software Distribution Service 3.0
    RP1074: 10/10/2011 1:47:18 AM - Software Distribution Service 3.0
    RP1075: 10/11/2011 2:08:39 AM - Software Distribution Service 3.0
    RP1076: 10/12/2011 6:22:33 AM - System Checkpoint
    RP1077: 10/12/2011 6:34:20 AM - Software Distribution Service 3.0
    RP1078: 10/13/2011 9:55:47 AM - System Checkpoint
    RP1079: 10/14/2011 8:03:10 PM - Software Distribution Service 3.0
    RP1080: 10/16/2011 8:00:07 AM - Software Distribution Service 3.0
    RP1081: 10/17/2011 8:38:16 AM - Software Distribution Service 3.0
    RP1082: 10/18/2011 10:12:25 AM - System Checkpoint
    RP1083: 10/18/2011 2:37:25 PM - Software Distribution Service 3.0
    RP1084: 10/19/2011 3:20:25 PM - Software Distribution Service 3.0
    RP1085: 10/20/2011 5:24:41 PM - Software Distribution Service 3.0
    RP1086: 10/21/2011 6:47:02 PM - System Checkpoint
    RP1087: 10/21/2011 8:53:48 PM - Software Distribution Service 3.0
    RP1088: 10/23/2011 2:13:41 AM - Software Distribution Service 3.0
    RP1089: 10/24/2011 9:24:45 AM - Software Distribution Service 3.0
    RP1090: 10/25/2011 9:52:04 AM - Software Distribution Service 3.0
    RP1091: 10/26/2011 12:32:25 PM - Software Distribution Service 3.0
    RP1092: 10/27/2011 12:35:39 PM - Software Distribution Service 3.0
    RP1093: 10/28/2011 1:38:15 PM - System Checkpoint
    RP1094: 10/28/2011 1:45:33 PM - Software Distribution Service 3.0
    RP1095: 10/29/2011 1:50:18 PM - System Checkpoint
    RP1096: 10/31/2011 8:46:54 AM - System Checkpoint
    RP1097: 10/31/2011 10:51:34 AM - Software Distribution Service 3.0
    RP1098: 11/1/2011 2:23:11 PM - Software Distribution Service 3.0
    RP1099: 11/2/2011 2:50:41 PM - System Checkpoint
    RP1100: 11/2/2011 11:28:23 PM - Software Distribution Service 3.0
    RP1101: 11/3/2011 6:40:45 PM - Software Distribution Service 3.0
    RP1102: 11/4/2011 8:17:11 PM - Software Distribution Service 3.0
    RP1103: 11/5/2011 11:39:33 PM - System Checkpoint
    RP1104: 11/7/2011 7:25:25 AM - Software Distribution Service 3.0
    RP1105: 11/8/2011 10:54:45 AM - Software Distribution Service 3.0
    RP1106: 11/9/2011 11:35:44 AM - System Checkpoint
    RP1107: 11/9/2011 12:42:40 PM - Software Distribution Service 3.0
    RP1108: 11/9/2011 7:10:12 PM - Removed Ask Toolbar.
    RP1109: 11/9/2011 7:17:23 PM - Removed Comcast Universal Caller ID
    RP1110: 11/9/2011 7:22:56 PM - Installed Java(TM) 6 Update 26
    RP1111: 11/10/2011 7:57:31 PM - System Checkpoint
    RP1112: 11/11/2011 1:22:59 AM - Software Distribution Service 3.0
    RP1113: 11/11/2011 10:51:32 AM - Software Distribution Service 3.0
    RP1114: 11/12/2011 11:18:10 AM - System Checkpoint
    RP1115: 11/13/2011 7:38:12 AM - Software Distribution Service 3.0
    RP1116: 11/14/2011 8:28:06 AM - Software Distribution Service 3.0
    RP1117: 11/15/2011 9:18:28 AM - Software Distribution Service 3.0
    RP1118: 11/16/2011 10:35:21 AM - System Checkpoint
    RP1119: 11/16/2011 9:35:47 PM - Software Distribution Service 3.0
    RP1120: 11/17/2011 9:30:49 PM - Software Distribution Service 3.0
    RP1121: 11/18/2011 9:42:27 PM - Software Distribution Service 3.0
    RP1122: 11/19/2011 9:53:11 PM - System Checkpoint
    RP1123: 11/21/2011 6:50:09 AM - System Checkpoint
    RP1124: 11/21/2011 7:41:14 AM - Software Distribution Service 3.0
    RP1125: 11/22/2011 8:18:26 AM - System Checkpoint
    RP1126: 11/22/2011 6:11:46 PM - Software Distribution Service 3.0
    RP1127: 11/23/2011 7:46:40 AM - Software Distribution Service 3.0
    RP1128: 11/24/2011 1:26:36 PM - System Checkpoint
    RP1129: 11/25/2011 4:01:20 PM - System Checkpoint
    RP1130: 11/26/2011 7:46:30 AM - Software Distribution Service 3.0
    RP1131: 11/27/2011 1:42:37 AM - Software Distribution Service 3.0
    RP1132: 11/28/2011 2:30:51 AM - System Checkpoint
    RP1133: 11/28/2011 2:47:07 AM - Software Distribution Service 3.0
    RP1134: 11/29/2011 3:37:22 AM - System Checkpoint
    RP1135: 11/29/2011 6:43:47 AM - Software Distribution Service 3.0
    RP1136: 11/30/2011 6:46:55 AM - System Checkpoint
    RP1137: 11/30/2011 6:48:24 AM - Software Distribution Service 3.0
    RP1138: 12/1/2011 7:27:07 AM - System Checkpoint
    RP1139: 12/1/2011 9:30:08 AM - Software Distribution Service 3.0
    RP1140: 12/2/2011 1:12:49 PM - System Checkpoint
    RP1141: 12/2/2011 1:19:48 PM - Software Distribution Service 3.0
    RP1142: 12/3/2011 3:02:27 PM - Software Distribution Service 3.0
    RP1143: 12/3/2011 6:29:35 PM - Removed Comcast Universal Caller ID
    RP1144: 12/3/2011 6:33:14 PM - Removed Comcast Universal Caller ID
    RP1145: 12/3/2011 6:35:40 PM - Removed Comcast Universal Caller ID
    RP1146: 12/4/2011 6:43:31 PM - System Checkpoint
    RP1147: 12/5/2011 11:45:18 AM - Software Distribution Service 3.0
    RP1148: 12/6/2011 11:46:20 AM - Software Distribution Service 3.0
    RP1149: 12/7/2011 11:48:13 AM - System Checkpoint
    RP1150: 12/7/2011 6:32:40 PM - Removed Comcast Universal Caller ID
    RP1151: 12/7/2011 7:07:22 PM - Software Distribution Service 3.0
    RP1152: 12/8/2011 7:02:23 PM - Software Distribution Service 3.0
    RP1153: 12/9/2011 7:02:41 PM - Software Distribution Service 3.0
    RP1154: 12/10/2011 7:12:30 PM - Software Distribution Service 3.0
    RP1155: 12/11/2011 1:59:51 AM - Software Distribution Service 3.0
    RP1156: 12/11/2011 7:01:45 PM - Software Distribution Service 3.0
    RP1157: 12/12/2011 7:24:43 PM - Software Distribution Service 3.0
    RP1158: 12/13/2011 7:32:07 PM - Software Distribution Service 3.0
    RP1159: 12/14/2011 7:38:38 PM - Restore Operation
    RP1160: 12/14/2011 7:51:05 PM - Restore Operation
    RP1161: 12/16/2011 2:03:19 AM - System Checkpoint
    RP1162: 12/17/2011 7:06:53 PM - System Checkpoint
    RP1163: 12/19/2011 8:18:56 PM - System Checkpoint
    RP1164: 12/21/2011 12:18:33 AM - System Checkpoint
    RP1165: 12/21/2011 10:06:42 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1.3
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI Display Driver
    Bonjour
    Browser Address Error Redirector
    Browser Highlighter - Firefox
    BufferChm
    Business Contact Manager for Outlook 2007 SP2
    C6300
    C6300_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    ccCommon
    Comcast High-Speed Internet Install Wizard
    Comcast Universal Caller ID
    Component Framework
    Coupon Printer for Windows
    CustomerResearchQFolder
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Dell Wireless WLAN Card
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    EA Download Manager
    EA Download Manager UI
    eSupportQFolder
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Chrome
    Google Update Helper
    GPBaseService
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB946554)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Customer Participation Program 11.0
    HP Imaging Device Functions 11.0
    HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Smart Web Printing
    HP Solution Center 11.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Intel(R) PRO Network Connections 12.1.8.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Key Ingredient - Demy Sync
    Linksys Updater
    LiveUpdate (Symantec Corporation)
    LogMeIn
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Microsoft WSE 3.0 Runtime
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Network
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    OCR Software by I.R.I.S. 11.0
    PanoStandAlone
    PowerDVD
    PrintMaster 16
    PS_AIO_04_C6300_ProductContext
    PS_AIO_04_C6300_Software
    PS_AIO_04_C6300_Software_Min
    PSSWCORE
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    SearchAssist
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Shockwave
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 4.1
    SmartWebPrinting
    Smead Viewables
    Smilebox
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    SPBBC 32bit
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    Symantec Real Time Storage Protection Component
    SymNet
    The Sims™ 3
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977839)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB960763)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/23/2011 11:09:01 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1378.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
    12/22/2011 4:41:50 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    12/22/2011 12:21:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
    12/22/2011 11:21:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    12/22/2011 11:09:54 AM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
    12/22/2011 11:06:24 AM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
    12/22/2011 11:04:47 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    12/22/2011 11:04:03 AM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    12/22/2011 11:04:03 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
    12/22/2011 11:04:03 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
    12/21/2011 9:27:37 PM, error: Microsoft Antimalware [1005] - Microsoft Antimalware scan has encountered an error and terminated. Scan ID: {306B1443-BF0D-45C0-A6BB-A7045F086F74} Scan Type: Antimalware Scan Parameters: Custom Scan User: VERZANIDELL\Carol Verzani Error Code: 0x80508023 Error description: The program could not find the malware and other potentially unwanted software on this computer.
    12/21/2011 9:21:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
    12/21/2011 8:16:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1378.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
    12/21/2011 8:03:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
    12/21/2011 8:03:23 PM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/21/2011 8:03:23 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
    12/21/2011 7:21:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
    12/21/2011 7:02:57 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    That MBAM version is very, very outdated, so there is not much use for it.

    Let's see first if we can do something about the lost internet connection.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  4. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    FSS log

    Farbar Service Scanner
    Ran by Carol Verzani (administrator) on 28-12-2011 at 18:48:46
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys
    [2008-04-25 10:16] - [2008-08-14 04:04] - 0138496 ____A () D9901B8CD18C0902EB1ACD0A333F078A

    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000

    **** End of log ****
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    It looks like the afd.sys file is infected/corrupted.
    Let's see if we can find a replacement.

    Please run Farbar Service Scanner.
    Type the following in the edit box after "Search:".

    afd.sys

    Click the Search Files button and post the log (FSS.txt) it makes in your reply.
     
  6. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    afd.sys report

    Farbar Service Scanner
    Ran by Carol Verzani (administrator) on 28-12-2011 at 19:17:12
    Microsoft Windows XP Service Pack 3 (X86)

    ************************************************
    ================== Search: "afd.sys" ===================

    C:\WINDOWS\system32\drivers\afd.sys
    [2008-04-25 10:16] - [2008-08-14 04:04] - 0138496 ____A () D9901B8CD18C0902EB1ACD0A333F078A

    C:\WINDOWS\system32\dllcache\afd.sys
    [2008-06-20 05:40] - [2008-08-14 04:04] - 0138496 ____C (Microsoft Corporation) 7E775010EF291DA96AD17CA4B17137D7

    C:\WINDOWS\$NtUninstallKB956803$\afd.sys
    [2008-10-15 05:29] - [2008-06-20 05:40] - 0138496 ____C (Microsoft Corporation) E3049B90FE06F3F740B7CFDA44995E2C

    C:\WINDOWS\$NtUninstallKB951748$\afd.sys
    [2008-10-11 02:03] - [2008-04-14 06:00] - 0138112 ____C (Microsoft Corporation) 322D0E36693D6E24A2398BEE62A268CD

    C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
    [2008-10-14 16:55] - [2008-08-14 04:34] - 0138496 ____A (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C

    C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
    [2008-06-20 05:48] - [2008-06-20 05:48] - 0138496 ____A (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A

    ====== End Of Search ======
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download the following file: http://www.filedropper.com/fix_2
    Double click on it to run the fix.

    Restart computer, check on internet connection, post new FSS log.
     
  8. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    Naturally at some point, my cousin attempted to run a chkdsk during bootup and this happens to be the one time it successfully initializes. It is only 19% thru stage 4. With any luck it speeds up...

    I will run FSS and post the log as soon as I am able.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Take your time.
    Make sure nobody touches this computer from now on.
     
  10. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    FSS Run 2

    Farbar Service Scanner
    Ran by Carol Verzani (administrator) on 28-12-2011 at 21:16:30
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000

    **** End of log ****
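
Added example, not part of the original thread and not FSS's own code: a small Python triage script that parses the "File Check" section of the two FSS logs posted above, lists every file not marked "MD5 is legit", and compares the runs to confirm that `afd.sys` went from unverified to verified. The field names given to the bracketed detail line (created, modified, size, attributes, company, MD5) are an assumed reading of the log layout, and the function names are hypothetical.

```python
import re

# Trimmed excerpts of the two "File Check" sections posted in this thread.
RUN1 = r"""
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-25 10:16] - [2008-08-14 04:04] - 0138496 ____A () D9901B8CD18C0902EB1ACD0A333F078A

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

Extra List:
=======
"""
RUN2 = r"""
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

Extra List:
=======
"""

# "C:\path\file.sys" optionally followed by " => <verdict>".
PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: => (?P<verdict>.+))?$")
# Detail line printed under a file the scanner did not vouch for (assumed field order).
DETAIL = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_file_check(log):
    """Return {lowercased path: record} for the 'File Check:' section of an FSS log."""
    records, current, in_section = {}, None, False
    for raw in log.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = (line == "File Check:")
            continue
        if line.endswith(":"):              # next section header, e.g. "Extra List:"
            break
        m = PATH.match(line)
        if m:
            current = {"path": m["path"],
                       "verified": m["verdict"] == "MD5 is legit",
                       "detail": None}
            records[m["path"].lower()] = current
            continue
        d = DETAIL.match(line)
        if d and current is not None and not current["verified"]:
            current["detail"] = {"created": d["created"], "modified": d["modified"],
                                 "size": int(d["size"]), "attrs": d["attrs"],
                                 "company": d["company"], "md5": d["md5"].upper()}
    return records


def unverified(records):
    """Paths the scanner listed without the 'MD5 is legit' verdict."""
    return sorted(p for p, r in records.items() if not r["verified"])


def notes(record):
    """Reasons an unverified entry deserves a closer look (hints, not proof)."""
    d = record["detail"]
    if d is None:
        return ["no hash line in log"]
    out = []
    # In the afd.sys search posted in this thread, the flagged copy is the only
    # one whose company field is empty "()"; the rest show (Microsoft Corporation).
    if not d["company"]:
        out.append("empty company field")
    out.append("md5 " + d["md5"])
    return out


def compare_runs(before, after):
    """Map each path flagged in either run to its state after remediation."""
    b, a = parse_file_check(before), parse_file_check(after)
    states = {}
    for path in sorted(set(unverified(b)) | set(unverified(a))):
        if path not in a:
            states[path] = "not checked in second run"
        elif a[path]["verified"]:
            states[path] = "fixed"
        elif path in b and not b[path]["verified"]:
            states[path] = "still unverified"
        else:
            states[path] = "newly unverified"
    return states


if __name__ == "__main__":
    first = parse_file_check(RUN1)
    for p in unverified(first):
        print(first[p]["path"], "->", "; ".join(notes(first[p])))
    for p, state in compare_runs(RUN1, RUN2).items():
        print(p, "->", state)
```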
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Is your internet connection back?
     
  12. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    Confirmed, the internet has been restored.

    About 5 minutes after I ran that last FSS, a Microsoft error report popped up regarding Microsoft Internet Security program. I x-ed it out not wanting to take any risks.

    Thank you very much.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good news :)

    We still have an issue with Security Center, but I want to make your computer more stable first.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-28 21:36:49
    -----------------------------
    21:36:49.250 OS Version: Windows 5.1.2600 Service Pack 3
    21:36:49.250 Number of processors: 2 586 0xF0D
    21:36:49.250 ComputerName: VERZANIDELL UserName:
    21:36:50.296 Initialize success
    21:37:55.109 AVAST engine defs: 11122801
    21:38:47.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    21:38:47.828 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
    21:38:49.843 Disk 0 MBR read successfully
    21:38:49.843 Disk 0 MBR scan
    21:38:49.875 Disk 0 Windows VISTA default MBR code
    21:38:49.890 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    21:38:49.906 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152523 MB offset 128520
    21:38:49.937 Disk 0 scanning sectors +312496380
    21:38:50.046 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:39:05.718 Service scanning
    21:39:06.359 Service MpKsl30375f68 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A94E76DF-1B73-4C78-A40A-752D6083E5CA}\MpKsl30375f68.sys **LOCKED** 32
    21:39:07.062 Modules scanning
    21:39:15.375 Disk 0 trace - called modules:
    21:39:15.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    21:39:15.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a748ab8]
    21:39:15.390 3 CLASSPNP.SYS[ba8e8fd7] -> nt!IofCallDriver -> \Device\00000093[0x8a8199a0]
    21:39:15.390 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7bf940]
    21:39:16.015 AVAST engine scan C:\WINDOWS
    21:39:34.312 AVAST engine scan C:\WINDOWS\system32
    21:42:01.890 AVAST engine scan C:\WINDOWS\system32\drivers
    21:42:21.062 AVAST engine scan C:\Documents and Settings\Carol Verzani
    21:43:23.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carol Verzani\Desktop\MBR.dat"
    21:43:23.375 The log file has been saved successfully to "C:\Documents and Settings\Carol Verzani\Desktop\aswMBR.txt"




    ComboFix 11-12-28.03 - Carol Verzani 12/28/2011 21:55:42.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1391 [GMT -6:00]
    Running from: c:\documents and settings\Carol Verzani\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 03:53 . 2011-12-29 03:53 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A94E76DF-1B73-4C78-A40A-752D6083E5CA}\offreg.dll
    2011-12-29 03:35 . 2011-12-29 03:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-29 03:35 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-29 03:31 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A94E76DF-1B73-4C78-A40A-752D6083E5CA}\mpengine.dll
    2011-12-18 04:00 . 2011-12-18 04:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-18 01:21 . 2011-12-18 08:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
    2011-12-16 16:39 . 2011-12-16 16:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\The Weather Channel
    2011-12-08 01:03 . 2011-12-08 01:03 -------- d-----w- c:\program files\comcast caller ID
    2011-12-08 01:02 . 2011-12-08 01:02 -------- d-----w- c:\program files\New Folder
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-08 01:00 . 2011-05-29 16:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-21 10:47 . 2011-01-21 03:26 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-10 01:23 . 2011-11-10 01:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 01:23 . 2008-10-03 03:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-23_00.59.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-29 03:53 . 2011-12-29 03:53 16384 c:\windows\Temp\Perflib_Perfdata_80.dat
    + 2008-04-25 16:16 . 2011-12-29 03:18 90302 c:\windows\system32\perfc009.dat
    - 2008-04-25 16:16 . 2011-12-22 02:39 90302 c:\windows\system32\perfc009.dat
    + 2008-04-25 16:16 . 2011-12-29 03:18 492408 c:\windows\system32\perfh009.dat
    - 2008-04-25 16:16 . 2011-12-22 02:39 492408 c:\windows\system32\perfh009.dat
    + 2008-04-25 16:16 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
    - 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SmileboxTray"="c:\documents and settings\Carol Verzani\Application Data\Smilebox\SmileboxTray.exe" [2011-12-01 313160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-26 1392640]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-12-27 714608]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-12-29 492840]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-02-10 04:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "427:UDP"= 427:UDP:SLP_Port(427)
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    .
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [12/27/2007 2:49 PM 149352]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/5/2011 6:38 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/28/2011 9:35 PM 652872]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/28/2011 9:35 PM 20464]
    S1 MpKsl0908dc7e;MpKsl0908dc7e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5545AAB1-B58D-4B49-A0D9-106B136A7E00}\MpKsl0908dc7e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5545AAB1-B58D-4B49-A0D9-106B136A7E00}\MpKsl0908dc7e.sys [?]
    S1 MpKsl1af499ba;MpKsl1af499ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AC49AF3-FAFE-416F-90C3-35CE2FCE0409}\MpKsl1af499ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AC49AF3-FAFE-416F-90C3-35CE2FCE0409}\MpKsl1af499ba.sys [?]
    S1 MpKsl2cc0d367;MpKsl2cc0d367;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EED78739-5118-49F9-8619-7CA9045A4FAA}\MpKsl2cc0d367.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EED78739-5118-49F9-8619-7CA9045A4FAA}\MpKsl2cc0d367.sys [?]
    S1 MpKsl3568d97b;MpKsl3568d97b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ED745B4-2585-4E5D-BD9E-008641761ACC}\MpKsl3568d97b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ED745B4-2585-4E5D-BD9E-008641761ACC}\MpKsl3568d97b.sys [?]
    S1 MpKsl3b883487;MpKsl3b883487;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D4B40A8-FF6E-4767-9907-A140280A58F0}\MpKsl3b883487.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D4B40A8-FF6E-4767-9907-A140280A58F0}\MpKsl3b883487.sys [?]
    S1 MpKsl46981d84;MpKsl46981d84;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC726DB6-269F-4096-9343-3B4D68F767F8}\MpKsl46981d84.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC726DB6-269F-4096-9343-3B4D68F767F8}\MpKsl46981d84.sys [?]
    S1 MpKsl4a4902fd;MpKsl4a4902fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04D3007D-E2AC-44DF-AF8B-930BEF4BA4D1}\MpKsl4a4902fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04D3007D-E2AC-44DF-AF8B-930BEF4BA4D1}\MpKsl4a4902fd.sys [?]
    S1 MpKsl509da318;MpKsl509da318;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8707801-AC9D-42A8-813B-9C6F08275E0A}\MpKsl509da318.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8707801-AC9D-42A8-813B-9C6F08275E0A}\MpKsl509da318.sys [?]
    S1 MpKsl564bff37;MpKsl564bff37;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BECF9F57-C3DF-43E8-8BFA-9DD314ADBA7F}\MpKsl564bff37.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BECF9F57-C3DF-43E8-8BFA-9DD314ADBA7F}\MpKsl564bff37.sys [?]
    S1 MpKsl60d6ac92;MpKsl60d6ac92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEC34841-16C7-4F8B-BF8E-5B48001C7C2F}\MpKsl60d6ac92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEC34841-16C7-4F8B-BF8E-5B48001C7C2F}\MpKsl60d6ac92.sys [?]
    S1 MpKsl68773eed;MpKsl68773eed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8E4D212-5C59-4819-8EDC-92025D999E86}\MpKsl68773eed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8E4D212-5C59-4819-8EDC-92025D999E86}\MpKsl68773eed.sys [?]
    S1 MpKsl755db92c;MpKsl755db92c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0D37BB6-615D-44EA-A5A3-282839982B0F}\MpKsl755db92c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0D37BB6-615D-44EA-A5A3-282839982B0F}\MpKsl755db92c.sys [?]
    S1 MpKsl75c4b2bf;MpKsl75c4b2bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73DD3F2C-E007-4FB5-ACD2-82C2609AC6A0}\MpKsl75c4b2bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73DD3F2C-E007-4FB5-ACD2-82C2609AC6A0}\MpKsl75c4b2bf.sys [?]
    S1 MpKsl779a7e9b;MpKsl779a7e9b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AD05181-F878-457E-96C2-D150C6C55D02}\MpKsl779a7e9b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AD05181-F878-457E-96C2-D150C6C55D02}\MpKsl779a7e9b.sys [?]
    S1 MpKsl8d7a117a;MpKsl8d7a117a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAFC59D6-B0D4-47AF-9549-7556EB6E7F0D}\MpKsl8d7a117a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAFC59D6-B0D4-47AF-9549-7556EB6E7F0D}\MpKsl8d7a117a.sys [?]
    S1 MpKsla836ccc7;MpKsla836ccc7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AED1BAB8-AE44-4F2C-9661-4DB6EE31EDA9}\MpKsla836ccc7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AED1BAB8-AE44-4F2C-9661-4DB6EE31EDA9}\MpKsla836ccc7.sys [?]
    S1 MpKslc1300d30;MpKslc1300d30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CACD1C44-F876-428A-BB69-4DB57D9A26F2}\MpKslc1300d30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CACD1C44-F876-428A-BB69-4DB57D9A26F2}\MpKslc1300d30.sys [?]
    S1 MpKslc9376e4b;MpKslc9376e4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2C7F1B8-0361-44CF-BCE9-3FE25C18BD9D}\MpKslc9376e4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2C7F1B8-0361-44CF-BCE9-3FE25C18BD9D}\MpKslc9376e4b.sys [?]
    S1 MpKslcb08027d;MpKslcb08027d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B0E6D-A1BC-4E7B-83FB-CC5AA42C02AF}\MpKslcb08027d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B0E6D-A1BC-4E7B-83FB-CC5AA42C02AF}\MpKslcb08027d.sys [?]
    S1 MpKslceddbb82;MpKslceddbb82;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B8F9F77-36B0-4E17-B054-445B210B6FD1}\MpKslceddbb82.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B8F9F77-36B0-4E17-B054-445B210B6FD1}\MpKslceddbb82.sys [?]
    S1 MpKsld1992b1f;MpKsld1992b1f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8F502CE-AE41-4BB4-BAF6-F8E9A587C38F}\MpKsld1992b1f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8F502CE-AE41-4BB4-BAF6-F8E9A587C38F}\MpKsld1992b1f.sys [?]
    S1 MpKsldb0d6530;MpKsldb0d6530;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB3E1933-7E78-4F24-9E1C-046C6A629083}\MpKsldb0d6530.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB3E1933-7E78-4F24-9E1C-046C6A629083}\MpKsldb0d6530.sys [?]
    S1 MpKslf0dd29f0;MpKslf0dd29f0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{104A2698-742A-4952-A579-E35634449808}\MpKslf0dd29f0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{104A2698-742A-4952-A579-E35634449808}\MpKslf0dd29f0.sys [?]
    S1 MpKslf4f77fbc;MpKslf4f77fbc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AD42D38-71F0-4B88-B509-642F60249008}\MpKslf4f77fbc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AD42D38-71F0-4B88-B509-642F60249008}\MpKslf4f77fbc.sys [?]
    S1 MpKslf93b0227;MpKslf93b0227;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43C4FDEE-93BD-48A8-8AE7-74C0118FBA5C}\MpKslf93b0227.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43C4FDEE-93BD-48A8-8AE7-74C0118FBA5C}\MpKslf93b0227.sys [?]
    S1 MpKslfa10bc56;MpKslfa10bc56;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17DD833F-0BDC-4156-B577-F71B65972C06}\MpKslfa10bc56.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17DD833F-0BDC-4156-B577-F71B65972C06}\MpKslfa10bc56.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 6:36 PM 135664]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/27/2007 2:41 PM 23888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 6:36 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    xmlpros REG_MULTI_SZ XMLProvS
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 00:36]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 00:36]
    .
    2011-12-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
    .
    2011-12-28 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Carol Verzani.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-12-27 20:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/options&s=Pj92DVd00b-IyBK6cxpPeV9bH2M
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    uInternet Settings,ProxyOverride = cdn;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: plaxo.com\www
    TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
    FF - ProfilePath - c:\documents and settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w&ind=2011112815&ptnrS=ZRxdm985YYUS&si=&n=77df256f&psa=&st=kwd&searchfor=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Carol Verzani\Application Data\Move Networks
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-28 22:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1308)
    c:\windows\system32\LMIinit.dll
    c:\windows\System32\BCMLogon.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2011-12-28 22:06:19
    ComboFix-quarantined-files.txt 2011-12-29 04:06
    ComboFix2.txt 2011-12-23 01:01
    .
    Pre-Run: 102,737,715,200 bytes free
    Post-Run: 102,861,393,920 bytes free
    .
    - - End Of File - - 97DD2EC3E5B435C14A4DE18170D7DB35
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    We have one system file missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe and click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      i8042prt.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  16. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:39 on 28/12/2011 by Carol Verzani
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "i8042prt.sys"
    No files found.

    -= EOF =-
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    This is a driver for PS/2-style keyboard and mouse devices.
    If you don't use those you should be OK, but let me see if I can find it on my XP CD.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  19. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    ComboFix 11-12-28.03 - Carol Verzani 12/28/2011 23:01:47.6.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1407 [GMT -6:00]
    Running from: c:\documents and settings\Carol Verzani\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 04:58 . 2011-12-29 04:58 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A94E76DF-1B73-4C78-A40A-752D6083E5CA}\offreg.dll
    2011-12-29 04:53 . 2008-04-14 06:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
    2011-12-29 04:53 . 2008-04-14 06:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-29 03:35 . 2011-12-29 03:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-29 03:35 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-29 03:31 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A94E76DF-1B73-4C78-A40A-752D6083E5CA}\mpengine.dll
    2011-12-18 04:00 . 2011-12-18 04:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-18 01:21 . 2011-12-18 08:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
    2011-12-16 16:39 . 2011-12-16 16:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\The Weather Channel
    2011-12-08 01:03 . 2011-12-08 01:03 -------- d-----w- c:\program files\comcast caller ID
    2011-12-08 01:02 . 2011-12-08 01:02 -------- d-----w- c:\program files\New Folder
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-08 01:00 . 2011-05-29 16:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-21 10:47 . 2011-01-21 03:26 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-10 01:23 . 2011-11-10 01:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 01:23 . 2008-10-03 03:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-23_00.59.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-29 04:59 . 2011-12-29 04:59 16384 c:\windows\Temp\Perflib_Perfdata_834.dat
    + 2008-04-25 16:16 . 2011-12-29 03:18 90302 c:\windows\system32\perfc009.dat
    - 2008-04-25 16:16 . 2011-12-22 02:39 90302 c:\windows\system32\perfc009.dat
    + 2008-04-25 16:16 . 2011-12-29 03:18 492408 c:\windows\system32\perfh009.dat
    - 2008-04-25 16:16 . 2011-12-22 02:39 492408 c:\windows\system32\perfh009.dat
    + 2008-04-25 16:16 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
    - 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SmileboxTray"="c:\documents and settings\Carol Verzani\Application Data\Smilebox\SmileboxTray.exe" [2011-12-01 313160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-26 1392640]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-12-27 714608]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-12-29 492840]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-02-10 04:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "427:UDP"= 427:UDP:SLP_Port(427)
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    .
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [12/27/2007 2:49 PM 149352]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/5/2011 6:38 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/28/2011 9:35 PM 652872]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/28/2011 9:35 PM 20464]
    S1 MpKsl0908dc7e;MpKsl0908dc7e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5545AAB1-B58D-4B49-A0D9-106B136A7E00}\MpKsl0908dc7e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5545AAB1-B58D-4B49-A0D9-106B136A7E00}\MpKsl0908dc7e.sys [?]
    S1 MpKsl1af499ba;MpKsl1af499ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AC49AF3-FAFE-416F-90C3-35CE2FCE0409}\MpKsl1af499ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AC49AF3-FAFE-416F-90C3-35CE2FCE0409}\MpKsl1af499ba.sys [?]
    S1 MpKsl2cc0d367;MpKsl2cc0d367;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EED78739-5118-49F9-8619-7CA9045A4FAA}\MpKsl2cc0d367.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EED78739-5118-49F9-8619-7CA9045A4FAA}\MpKsl2cc0d367.sys [?]
    S1 MpKsl3568d97b;MpKsl3568d97b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ED745B4-2585-4E5D-BD9E-008641761ACC}\MpKsl3568d97b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ED745B4-2585-4E5D-BD9E-008641761ACC}\MpKsl3568d97b.sys [?]
    S1 MpKsl3b883487;MpKsl3b883487;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D4B40A8-FF6E-4767-9907-A140280A58F0}\MpKsl3b883487.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D4B40A8-FF6E-4767-9907-A140280A58F0}\MpKsl3b883487.sys [?]
    S1 MpKsl46981d84;MpKsl46981d84;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC726DB6-269F-4096-9343-3B4D68F767F8}\MpKsl46981d84.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC726DB6-269F-4096-9343-3B4D68F767F8}\MpKsl46981d84.sys [?]
    S1 MpKsl4a4902fd;MpKsl4a4902fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04D3007D-E2AC-44DF-AF8B-930BEF4BA4D1}\MpKsl4a4902fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04D3007D-E2AC-44DF-AF8B-930BEF4BA4D1}\MpKsl4a4902fd.sys [?]
    S1 MpKsl509da318;MpKsl509da318;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8707801-AC9D-42A8-813B-9C6F08275E0A}\MpKsl509da318.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8707801-AC9D-42A8-813B-9C6F08275E0A}\MpKsl509da318.sys [?]
    S1 MpKsl564bff37;MpKsl564bff37;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BECF9F57-C3DF-43E8-8BFA-9DD314ADBA7F}\MpKsl564bff37.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BECF9F57-C3DF-43E8-8BFA-9DD314ADBA7F}\MpKsl564bff37.sys [?]
    S1 MpKsl60d6ac92;MpKsl60d6ac92;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEC34841-16C7-4F8B-BF8E-5B48001C7C2F}\MpKsl60d6ac92.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEC34841-16C7-4F8B-BF8E-5B48001C7C2F}\MpKsl60d6ac92.sys [?]
    S1 MpKsl68773eed;MpKsl68773eed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8E4D212-5C59-4819-8EDC-92025D999E86}\MpKsl68773eed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8E4D212-5C59-4819-8EDC-92025D999E86}\MpKsl68773eed.sys [?]
    S1 MpKsl755db92c;MpKsl755db92c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0D37BB6-615D-44EA-A5A3-282839982B0F}\MpKsl755db92c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0D37BB6-615D-44EA-A5A3-282839982B0F}\MpKsl755db92c.sys [?]
    S1 MpKsl75c4b2bf;MpKsl75c4b2bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73DD3F2C-E007-4FB5-ACD2-82C2609AC6A0}\MpKsl75c4b2bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73DD3F2C-E007-4FB5-ACD2-82C2609AC6A0}\MpKsl75c4b2bf.sys [?]
    S1 MpKsl779a7e9b;MpKsl779a7e9b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AD05181-F878-457E-96C2-D150C6C55D02}\MpKsl779a7e9b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AD05181-F878-457E-96C2-D150C6C55D02}\MpKsl779a7e9b.sys [?]
    S1 MpKsl8d7a117a;MpKsl8d7a117a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAFC59D6-B0D4-47AF-9549-7556EB6E7F0D}\MpKsl8d7a117a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAFC59D6-B0D4-47AF-9549-7556EB6E7F0D}\MpKsl8d7a117a.sys [?]
    S1 MpKsla836ccc7;MpKsla836ccc7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AED1BAB8-AE44-4F2C-9661-4DB6EE31EDA9}\MpKsla836ccc7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AED1BAB8-AE44-4F2C-9661-4DB6EE31EDA9}\MpKsla836ccc7.sys [?]
    S1 MpKslc1300d30;MpKslc1300d30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CACD1C44-F876-428A-BB69-4DB57D9A26F2}\MpKslc1300d30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CACD1C44-F876-428A-BB69-4DB57D9A26F2}\MpKslc1300d30.sys [?]
    S1 MpKslc9376e4b;MpKslc9376e4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2C7F1B8-0361-44CF-BCE9-3FE25C18BD9D}\MpKslc9376e4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2C7F1B8-0361-44CF-BCE9-3FE25C18BD9D}\MpKslc9376e4b.sys [?]
    S1 MpKslcb08027d;MpKslcb08027d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B0E6D-A1BC-4E7B-83FB-CC5AA42C02AF}\MpKslcb08027d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C5B0E6D-A1BC-4E7B-83FB-CC5AA42C02AF}\MpKslcb08027d.sys [?]
    S1 MpKslceddbb82;MpKslceddbb82;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B8F9F77-36B0-4E17-B054-445B210B6FD1}\MpKslceddbb82.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B8F9F77-36B0-4E17-B054-445B210B6FD1}\MpKslceddbb82.sys [?]
    S1 MpKsld1992b1f;MpKsld1992b1f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8F502CE-AE41-4BB4-BAF6-F8E9A587C38F}\MpKsld1992b1f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8F502CE-AE41-4BB4-BAF6-F8E9A587C38F}\MpKsld1992b1f.sys [?]
    S1 MpKsldb0d6530;MpKsldb0d6530;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB3E1933-7E78-4F24-9E1C-046C6A629083}\MpKsldb0d6530.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB3E1933-7E78-4F24-9E1C-046C6A629083}\MpKsldb0d6530.sys [?]
    S1 MpKslf0dd29f0;MpKslf0dd29f0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{104A2698-742A-4952-A579-E35634449808}\MpKslf0dd29f0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{104A2698-742A-4952-A579-E35634449808}\MpKslf0dd29f0.sys [?]
    S1 MpKslf4f77fbc;MpKslf4f77fbc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AD42D38-71F0-4B88-B509-642F60249008}\MpKslf4f77fbc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AD42D38-71F0-4B88-B509-642F60249008}\MpKslf4f77fbc.sys [?]
    S1 MpKslf93b0227;MpKslf93b0227;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43C4FDEE-93BD-48A8-8AE7-74C0118FBA5C}\MpKslf93b0227.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43C4FDEE-93BD-48A8-8AE7-74C0118FBA5C}\MpKslf93b0227.sys [?]
    S1 MpKslfa10bc56;MpKslfa10bc56;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17DD833F-0BDC-4156-B577-F71B65972C06}\MpKslfa10bc56.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17DD833F-0BDC-4156-B577-F71B65972C06}\MpKslfa10bc56.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 6:36 PM 135664]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 9:28 AM 204800]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/27/2007 2:41 PM 23888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 6:36 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    xmlpros REG_MULTI_SZ XMLProvS
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 00:36]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 00:36]
    .
    2011-12-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
    .
    2011-12-28 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Carol Verzani.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-12-27 20:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/options&s=Pj92DVd00b-IyBK6cxpPeV9bH2M
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    uInternet Settings,ProxyOverride = cdn;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: plaxo.com\www
    TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
    FF - ProfilePath - c:\documents and settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w&ind=2011112815&ptnrS=ZRxdm985YYUS&si=&n=77df256f&psa=&st=kwd&searchfor=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Carol Verzani\Application Data\Move Networks
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-28 23:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1308)
    c:\windows\system32\LMIinit.dll
    c:\windows\System32\BCMLogon.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2011-12-28 23:11:00
    ComboFix-quarantined-files.txt 2011-12-29 05:10
    ComboFix2.txt 2011-12-29 04:06
    ComboFix3.txt 2011-12-23 01:01
    .
    Pre-Run: 102,858,895,360 bytes free
    Post-Run: 102,853,804,032 bytes free
    .
    - - End Of File - - D327F6548CF0D63A851E42D4275EF480
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    Now we'll take care of Security Center issue.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/



    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Under Security type, while Everyone is selected, put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.
    Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    You'll find several files inside.
    Double-click legacy_wscsvc.reg and confirm the prompt.
    Please go back to the Root key again; while Everyone is selected, remove the check mark in the box under Allow next to Full Control, and close the registry.

    Next...

    Go Start>Run, type in:
    services.msc
    Click OK.

    In the services window, find the "Security Center" service.
    Right click on it, click "Properties".
    Under "Startup type" select "Automatic" from the drop down menu.

    Restart computer.
    Post new FSS log.
     
  21. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    Unfortunately there is no service listed as "Security Center" in the services.msc
     
  22. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    In the interim, I still ran the FSS. Fingers crossed I don't need to do any more, but will check back in tomorrow.






    Farbar Service Scanner
    Ran by Carol Verzani (administrator) on 28-12-2011 at 23:51:57
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000

    **** End of log ****
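The ComboFix log and the FSS log in this thread record the same Security Center and firewall state in three different value notations (`dword:00000001`, `0 (0x0)` and `DWORD:0`). As an added example that is not part of any post in this thread, the Python sketch below normalizes those notations and flags values that switch protection off. The rule table and its descriptions are this example's own assumptions, and the sample text is constructed from lines in the logs above.

```python
import re

# Constructed sample: lines taken from the ComboFix and Farbar Service Scanner
# logs in this thread, trimmed to the security-relevant keys.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
'''

# Assumed rule table for this example:
# (regex on lower-cased key path, value name, value that weakens protection, meaning)
RULES = [
    (r"\\security center$", "antivirusoverride", 1,
     "Security Center told not to monitor antivirus status"),
    (r"\\security center$", "firewalloverride", 1,
     "Security Center told not to monitor firewall status"),
    (r"\\security center\\monitoring(\\|$)", "disablemonitoring", 1,
     "Security Center monitoring disabled"),
    (r"\\firewallpolicy\\(standard|domain)profile$", "enablefirewall", 0,
     "Windows Firewall disabled for this profile"),
    (r"\\firewallpolicy\\(standard|domain)profile$", "disablenotifications", 1,
     "Firewall notifications disabled"),
]

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')


def parse_dword(raw):
    """Return the integer for a DWORD in any of the three notations, else None."""
    raw = raw.strip()
    # REGEDIT4 style (ComboFix) and FSS style; treated as hex per .reg convention.
    m = re.fullmatch(r"(?i)dword:([0-9a-f]+)", raw)
    if m:
        return int(m.group(1), 16)
    # ComboFix style "decimal (0xhex)"; the hex part is authoritative.
    m = re.fullmatch(r"\d+ \(0x([0-9a-fA-F]+)\)", raw)
    if m:
        return int(m.group(1), 16)
    return None  # strings, port descriptions, empty values


def triage(log_text):
    """Walk key/value lines and return findings as a list of dicts."""
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue
        name, raw = m.group(1), m.group(2)
        lkey = key.lower()
        # Firewall exceptions are not wrong by themselves, but each deserves a look.
        if lkey.endswith("\\globallyopenports\\list"):
            findings.append({"kind": "review", "key": key, "name": name,
                             "detail": "globally open port: " + raw.strip()})
            continue
        value = parse_dword(raw)
        for pattern, vname, weak, meaning in RULES:
            if name.lower() == vname and value == weak and re.search(pattern, lkey):
                findings.append({"kind": "weakened", "key": key,
                                 "name": name, "detail": meaning})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['key']} :: {f['name']} -> {f['detail']}")
```

Values that do not parse as a DWORD, such as the application paths in the AuthorizedApplications list, are skipped rather than guessed at.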
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    OTL.txt - 1 of 2

    OTL logfile created on: 12/30/2011 11:52:37 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Carol Verzani\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.01% Memory free
    3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.96% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 95.79 Gb Free Space | 64.31% Space Free | Partition Type: NTFS

    Computer Name: VERZANIDELL | User Name: Carol Verzani | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/30 11:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol Verzani\Desktop\OTL.exe
    PRC - [2011/12/29 22:49:11 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
    PRC - [2011/12/29 22:49:08 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
    PRC - [2011/12/29 15:34:52 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2011/12/29 15:34:30 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/01 12:43:04 | 000,313,160 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Carol Verzani\Application Data\Smilebox\SmileboxTray.exe
    PRC - [2011/11/09 19:23:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
    PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2011/02/09 22:16:35 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/04/01 11:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    PRC - [2008/10/08 20:32:50 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/26 08:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/01/15 09:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2006/09/25 07:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/29 22:49:08 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
    MOD - [2011/12/07 19:00:24 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/04/01 11:58:05 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
    MOD - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    MOD - [2009/10/16 02:03:32 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8a49328a\mscorlib.dll
    MOD - [2009/10/16 02:03:29 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_43282f55\system.drawing.dll
    MOD - [2009/10/16 02:03:20 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d1ef7ac7\system.xml.dll
    MOD - [2009/10/16 02:03:12 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_fa6ec374\system.windows.forms.dll
    MOD - [2009/10/16 02:03:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bdc81126\system.dll
    MOD - [2009/10/16 02:02:49 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2009/10/16 02:02:47 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2009/10/15 02:08:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
    MOD - [2009/10/15 02:07:57 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
    MOD - [2009/10/15 02:07:17 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
    MOD - [2008/10/08 20:32:50 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    MOD - [2008/10/08 20:32:50 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
    MOD - [2008/04/25 15:35:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2008/04/25 15:35:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2008/04/25 15:35:57 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    MOD - [2008/04/25 15:35:56 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2008/04/25 15:35:55 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2008/04/14 06:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
    MOD - [2008/01/15 09:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    MOD - [2008/01/15 09:28:20 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
    MOD - [2006/10/25 20:48:24 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/12/29 15:34:52 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2011/12/29 15:34:30 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/02/09 22:16:35 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
    SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
    SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/10/08 20:32:50 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/01/15 09:28:20 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/12/27 14:50:12 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2007/12/27 14:46:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Running] -- -- (MpKsl9da2835a)
    DRV - [2011/12/29 23:00:12 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12020B0A-9886-4BFC-BC0D-0F920BEB7321}\MpKsl6224402c.sys -- (MpKsl6224402c)
    DRV - [2011/12/29 15:34:32 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/16 03:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110117.024\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/16 03:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110117.024\NAVENG.SYS -- (NAVENG)
    DRV - [2010/09/15 12:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20110114.001\SymIDSCo.sys -- (SYMIDSCO)
    DRV - [2010/05/26 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2009/01/09 18:56:55 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2007/12/27 14:43:48 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/10/07 16:29:16 | 002,455,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/07/23 13:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 13:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 13:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 13:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 13:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 13:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 13:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 13:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 12:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 12:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/10/12 02:29:54 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081003
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081003


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081003
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081003
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-552403770-719699087-410222551-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-552403770-719699087-410222551-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-552403770-719699087-410222551-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w
    IE - HKU\S-1-5-21-552403770-719699087-410222551-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-552403770-719699087-410222551-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
    IE - HKU\S-1-5-21-552403770-719699087-410222551-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm985YYUS&ptb=p5iNxjFJMO6ccl.B.jcx7w&ind=2011112815&ptnrS=ZRxdm985YYUS&si=&n=77df256f&psa=&st=kwd&searchfor="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carol Verzani\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Carol Verzani\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/08 19:23:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/24 13:26:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 19:23:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/08 19:23:41 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Carol Verzani\Application Data\Move Networks [2009/11/08 14:39:25 | 000,000,000 | ---D | M]

    [2008/10/08 20:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Extensions
    [2011/12/07 19:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\extensions
    [2011/08/13 15:42:23 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2009/09/02 06:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/30 15:18:24 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\extensions\browserhighlighter@ebay.com
    [2010/07/07 20:53:31 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\extensions\LogMeInClient@logmein.com
    [2011/12/02 13:51:46 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Profiles\fmpnwvc7.default\searchplugins\mywebsearch.xml
    [2011/11/28 14:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/24 21:29:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/11/09 19:23:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2009/11/08 14:39:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CAROL VERZANI\APPLICATION DATA\MOVE NETWORKS
    [2011/11/09 19:23:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/06/18 00:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/11/09 19:23:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========


    Hosts file not found
    O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-552403770-719699087-410222551-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
    O4 - HKU\S-1-5-21-552403770-719699087-410222551-1008..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-552403770-719699087-410222551-1008..\Run: [SmileboxTray] C:\Documents and Settings\Carol Verzani\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-552403770-719699087-410222551-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-552403770-719699087-410222551-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-552403770-719699087-410222551-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-552403770-719699087-410222551-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-552403770-719699087-410222551-1008\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7A076B0-F475-4F1D-8C82-5C0CDF2CA6DE}: DhcpNameServer = 68.87.72.134 68.87.77.134
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carol Verzani\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/30 11:51:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carol Verzani\Desktop\OTL.exe
    [2011/12/28 23:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol Verzani\Desktop\DO NOT USE
    [2011/12/28 21:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/28 21:35:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/28 21:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/21 22:01:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carol Verzani\Start Menu\Programs\Administrative Tools
    [2011/12/21 19:07:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/21 19:04:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/21 19:04:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/21 19:04:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/21 19:04:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/21 19:04:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/21 19:03:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/17 22:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/12/17 19:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
    [2011/12/16 10:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol Verzani\My Documents\Clubhouse Logos
    [2011/12/16 10:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol Verzani\My Documents\Bridal Shower Ideas
    [2011/12/16 10:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol Verzani\My Documents\Tax Returns
    [2011/12/16 10:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\The Weather Channel
    [2011/12/14 21:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/14 20:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/14 20:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/12/07 19:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\comcast caller ID
    [2011/12/07 19:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Carol Verzani\Desktop\*.tmp files -> C:\Documents and Settings\Carol Verzani\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/30 11:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol Verzani\Desktop\OTL.exe
    [2011/12/30 11:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/29 22:53:58 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/12/29 22:52:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\Ÿ9Ÿ9
    [2011/12/29 22:50:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/29 22:48:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/29 22:48:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/29 22:48:40 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/29 15:34:32 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2011/12/29 15:34:31 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2011/12/29 15:34:31 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [2011/12/29 13:48:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
    [2011/12/28 21:35:32 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/28 21:18:00 | 000,492,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/28 21:18:00 | 000,090,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/28 17:28:15 | 000,000,638 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Carol Verzani.job
    [2011/12/27 11:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/21 21:22:13 | 000,037,147 | ---- | M] () -- C:\logfile
    [2011/12/21 19:08:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/21 10:04:38 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
    [2011/12/21 10:04:38 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
    [2011/12/21 01:55:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/19 13:02:43 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/12/16 09:44:23 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lqd3Fg3.dat
    [2011/12/16 09:31:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\v0ghHw3.com.b
    [2011/12/14 20:45:10 | 000,021,470 | -HS- | M] () -- C:\Documents and Settings\Carol Verzani\Local Settings\Application Data\pdpchw2s5ixm5vvq1uoj1d683d8c
    [2011/12/14 20:45:10 | 000,021,470 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pdpchw2s5ixm5vvq1uoj1d683d8c
    [2011/12/14 17:32:30 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/12/13 08:27:26 | 001,189,888 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2011/12/13 08:27:25 | 002,232,320 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/08 06:13:48 | 000,002,229 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrintMaster 16.lnk
    [2011/12/07 19:03:14 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Universal Caller ID.lnk
    [2011/12/04 12:39:22 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\Desktop\Key Ingredient.lnk
    [2011/12/03 18:35:49 | 001,980,512 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\My Documents\ComcastCallerID.air
    [2011/12/03 18:29:47 | 001,980,512 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\Desktop\ComcastCallerID.air
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Carol Verzani\Desktop\*.tmp files -> C:\Documents and Settings\Carol Verzani\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/28 21:35:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/21 19:08:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/21 19:07:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/21 19:04:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/21 19:04:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/21 19:04:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/21 19:04:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/21 19:04:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/19 13:02:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/12/16 09:31:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\v0ghHw3.com.b
    [2011/12/16 09:19:18 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lqd3Fg3.dat
    [2011/12/15 13:00:50 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
    [2011/12/15 13:00:50 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
    [2011/12/14 19:20:42 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
    [2011/12/14 15:06:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/14 12:37:55 | 000,021,470 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pdpchw2s5ixm5vvq1uoj1d683d8c
    [2011/12/14 12:37:54 | 000,021,470 | -HS- | C] () -- C:\Documents and Settings\Carol Verzani\Local Settings\Application Data\pdpchw2s5ixm5vvq1uoj1d683d8c
     
  25. UserError404

    UserError404 TS Rookie Topic Starter Posts: 24

    OTL.txt - 2 of 2

    [2011/12/12 20:58:26 | 001,991,760 | ---- | C] () -- C:\Documents and Settings\Carol Verzani\My Documents\100_0515.jpg
    [2011/12/07 19:03:14 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Comcast Universal Caller ID.lnk
    [2011/12/07 19:03:14 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comcast Universal Caller ID.lnk
    [2011/12/03 18:23:27 | 001,980,512 | ---- | C] () -- C:\Documents and Settings\Carol Verzani\Desktop\ComcastCallerID.air
    [2010/07/01 19:41:26 | 000,074,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/24 21:33:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/04/29 19:14:39 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Carol Verzani\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/08 19:15:07 | 000,166,436 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
    [2009/04/08 19:15:07 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
    [2008/10/08 20:11:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/10/08 19:51:27 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Carol Verzani\Local Settings\Application Data\fusioncache.dat
    [2008/10/03 05:08:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2008/10/03 01:00:24 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2008/10/03 01:00:24 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2008/10/03 01:00:24 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2008/10/03 01:00:24 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2008/10/03 01:00:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
    [2008/10/03 01:00:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
    [2008/10/03 01:00:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2008/10/03 00:59:35 | 000,001,159 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/10/02 21:36:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/10/02 21:18:57 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/02 21:16:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2008/10/02 21:16:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2008/10/02 21:16:07 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/04/25 15:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/25 15:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/25 15:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/04/25 10:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/25 10:16:22 | 000,492,408 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/25 10:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/25 10:16:22 | 000,090,302 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/25 10:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/25 10:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/25 10:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/25 10:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/04/25 10:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/25 10:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/25 10:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/25 10:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/25 03:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/25 03:21:52 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2009/05/24 10:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2010/03/10 22:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2009/08/01 21:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
    [2011/12/30 09:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2009/07/17 16:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
    [2008/10/02 21:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/06/28 06:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/03/05 19:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol Verzani\Application Data\ActiBook
    [2009/04/24 10:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol Verzani\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/08/18 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol Verzani\Application Data\Smead
    [2011/12/29 01:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol Verzani\Application Data\Smilebox
    [2011/11/09 19:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol Verzani\Application Data\uTorrent
    [2011/12/29 22:53:58 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/02/03 18:03:43 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/10/08 19:51:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/21 19:08:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/28 23:11:01 | 000,023,846 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/10/03 01:03:36 | 000,005,136 | RH-- | M] () -- C:\dell.sdr
    [2011/12/29 22:48:40 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/25 15:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2011/12/21 21:22:13 | 000,037,147 | ---- | M] () -- C:\logfile
    [2008/04/25 15:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2009/07/29 20:12:03 | 000,001,047 | ---- | M] () -- C:\net_save.dna
    [2008/04/14 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 06:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/29 22:48:38 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/21 18:52:55 | 000,135,286 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_21.12.2011_18.51.48_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/04/25 15:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/06/06 19:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp692.dll
    [2011/12/29 15:34:32 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/04/25 03:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2008/04/25 03:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2008/04/25 03:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/04/25 15:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/10/08 19:51:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Carol Verzani\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/04/25 15:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/27 19:39:53 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Carol Verzani\Desktop\jre-6u21-windows-i586-iftw-rv.exe
    [2011/03/05 19:49:25 | 008,975,601 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\Desktop\KeyIngredient-1.997.exe
    [2011/12/30 11:51:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol Verzani\Desktop\OTL.exe
    [2009/06/27 10:31:59 | 000,956,344 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Carol Verzani\Desktop\SaveAsPDFandXPS.exe
    [1 C:\Documents and Settings\Carol Verzani\Desktop\*.tmp files -> C:\Documents and Settings\Carol Verzani\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/05/05 19:58:37 | 008,354,440 | ---- | M] (Mozilla) -- C:\Documents and Settings\Carol Verzani\My Documents\Firefox Setup 3.6.3.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2008/04/14 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/10/08 19:51:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Carol Verzani\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/30 11:53:47 | 000,425,984 | ---- | M] () -- C:\Documents and Settings\Carol Verzani\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 06:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 05:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 05:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 05:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 11:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 05:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 05:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 05:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 05:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 05:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
