TechSpot

Slow PC & Dots then words appear in Word, Notepad, Firefox

By kellidor
Sep 5, 2011
  1. Not sure if it is just Norton slowing down my PC?

    The other issue is dots appearing and then being replaced with random text in Word, Firefox and Notepad.

    I followed the checklist and here are my logs:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7655

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    9/5/2011 9:45:48 AM
    mbam-log-2011-09-05 (09-45-48).txt

    Scan type: Quick scan
    Objects scanned: 170786
    Time elapsed: 8 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} (Adware.Alexa) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{875A1348-7674-42AA-ADAC-B4F36A004A2D} (Adware.Adband) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} (Adware.Alexa) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----------------------------------------------------------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-05 09:56:23
    Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19 ST3250620NS rev.3.AEG
    Running: jpucnrlh.exe; Driver: C:\DOCUME~1\KELLYC~1\LOCALS~1\Temp\pxtdypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xBA7832A8]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xBA78E910]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdePort1 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdePort2 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdePort3 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdePort4 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdePort5 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 8AC4E0F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 8AC4E0F8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port6Path0Target0Lun0 8ABEFCC0
    Device \Driver\d347prt \Device\Scsi\d347prt1 8ABEFCC0
    Device \FileSystem\Ntfs \Ntfs 8AFDFFB0
    Device \FileSystem\Fastfat \Fat 8AAAE4D0

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Modules - GMER 1.0.15 ----

    Module _________ BA6E5000-BA6FD000 (98304 bytes)

    ---- EOF - GMER 1.0.15 ----

    -------------------------------------------------------------------------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
    Run by Kelly Comiskey at 9:58:39 on 2011-09-05
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2138 [GMT -5:00]
    .
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = localhost;*.local
    BHO: 0<º - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\System32\browseui.dll
    TB: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
    uRun: [EPSON Stylus C120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticca.exe /fu "c:\docume~1\kellyc~1\locals~1\temp\E_S3B0.tmp" /EF "HKCU"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\SMax4.exe" /tray
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [AsusServiceProvider] c:\program files\asus\aasp\1.00.01\aaCenter.exe
    mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [DIRECTCD] "c:\program files\intervideo\disc master 2.5\DirectCD.exe"
    mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
    mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [BCA2000] %SystemRoot%\system32\bca2kcpan.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a8323ef0-1e8a-4385-93ed-f97963793042}\_3E7D7F8C756EC1A9420DE2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    Trusted Zone: wealthyaffiliate.com\members
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxps://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265378970750
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265378957218
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3FBDA7DD-2685-4E6D-9DF2-64110FB38409} : DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{63FBE7B3-0857-491B-A885-597E59FFC75A} : DhcpNameServer = 192.168.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\kelly comiskey\application data\mozilla\firefox\profiles\api6nyah.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-3-19 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-3-19 5248]
    R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [2007-3-17 38784]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-5 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-5 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-5 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110902.030\IDSXpx86.sys [2011-9-2 356280]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-5 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-17 105592]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110904.002\NAVENG.SYS [2011-9-4 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110904.002\NAVEX15.SYS [2011-9-4 1576312]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
    S3 BCA2000;Behringer BCA2000 V2.1.0.6;c:\windows\system32\drivers\BCA2000.SYS [2008-1-18 94624]
    S3 BCA2000WDM;Behringer BCA2000WDM V2.1.0.6;c:\windows\system32\drivers\BCA2000WDM.SYS [2008-1-18 27328]
    S3 EloBus;Elobus Filter Driver;c:\windows\system32\drivers\elobus.sys --> c:\windows\system32\drivers\EloBus.sys [?]
    S3 EloSer;Elo Serial Driver;c:\windows\system32\drivers\eloser.sys --> c:\windows\system32\drivers\EloSer.sys [?]
    S3 evomouflt;Evoluent Mouse Filter Service;c:\windows\system32\drivers\evomouflt.sys [2007-12-26 15872]
    S3 iviudf;iviudf;c:\windows\system32\drivers\iviudf.sys --> c:\windows\system32\drivers\IviUdf.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-5 41272]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-10 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-10 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-10 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-10 40552]
    S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2009-4-6 900736]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-11-18 152576]
    S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-11-3 627072]
    .
    =============== Created Last 30 ================
    .
    2011-09-05 13:47:11 -------- d-----w- c:\documents and settings\kelly comiskey\application data\Malwarebytes
    2011-09-05 13:46:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-05 13:46:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-09-05 13:46:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-05 13:46:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-05 13:29:51 -------- d-----w- c:\program files\ESET
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 9:59:07.54 ===============

    ------------------------------------------------------------------------------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/17/2007 4:58:59 AM
    System Uptime: 8/24/2011 10:42:35 AM (287 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5B-Deluxe
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | LGA 775 | 1866/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 127.213 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 186 GiB total, 24.554 GiB free.
    G: is FIXED (FAT32) - 47 GiB total, 46.372 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1339: 6/9/2011 8:31:47 PM - System Checkpoint
    RP1340: 6/10/2011 11:21:43 PM - System Checkpoint
    RP1341: 6/12/2011 2:39:03 AM - System Checkpoint
    RP1342: 6/24/2011 8:24:16 PM - System Checkpoint
    RP1343: 6/25/2011 10:28:25 PM - System Checkpoint
    RP1344: 6/27/2011 6:31:47 PM - System Checkpoint
    RP1345: 6/28/2011 6:32:52 PM - System Checkpoint
    RP1346: 6/29/2011 10:11:53 PM - System Checkpoint
    RP1347: 6/30/2011 10:22:48 PM - System Checkpoint
    RP1348: 7/2/2011 2:25:18 AM - System Checkpoint
    RP1349: 7/3/2011 6:10:48 AM - System Checkpoint
    RP1350: 8/13/2011 7:47:26 PM - System Checkpoint
    RP1351: 8/14/2011 11:32:23 PM - System Checkpoint
    RP1352: 8/16/2011 3:20:23 AM - System Checkpoint
    RP1353: 8/17/2011 3:32:23 AM - System Checkpoint
    RP1354: 8/19/2011 6:40:02 PM - System Checkpoint
    RP1355: 8/19/2011 8:53:41 PM - Software Distribution Service 3.0
    RP1356: 8/24/2011 12:49:43 PM - System Checkpoint
    RP1357: 8/25/2011 4:22:58 PM - System Checkpoint
    RP1358: 8/26/2011 8:33:53 PM - System Checkpoint
    RP1359: 8/28/2011 12:21:54 AM - System Checkpoint
    RP1360: 8/29/2011 4:33:54 AM - System Checkpoint
    RP1361: 8/30/2011 8:33:54 AM - System Checkpoint
    RP1362: 8/31/2011 12:33:54 PM - System Checkpoint
    RP1363: 9/1/2011 4:33:54 PM - System Checkpoint
    RP1364: 9/2/2011 8:33:57 PM - System Checkpoint
    RP1365: 9/4/2011 12:21:57 AM - System Checkpoint
    RP1366: 9/5/2011 12:33:57 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat 4.0
    Adobe Acrobat Distiller 6.0
    Adobe Audition 1.5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe PageMaker 6.5
    Adobe PageMaker 7.0
    Adobe Photoshop 5.5
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Ai Suite
    aiofw
    aioprnt
    aioscnnr
    Amazon MP3 Downloader 1.0.10
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 3.0
    ArcSoft PhotoImpression 6
    ArcSoft Print Creations
    AsusUpdate
    Audit Support Center 1.0
    Bandlink
    Bonjour
    Business Mentor
    C4USelfUpdater
    Canon MP Navigator EX 3.0
    Canon MP560 series MP Drivers
    Canon MP560 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCScore
    center
    Compatibility Pack for the 2007 Office system
    DAEMON Tools
    Dropbox
    EPSON C120 User's Guide
    EPSON Printer Software
    EPSON Web-To-Page
    ESET Online Scanner v3
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    essvatgt
    Evoluent Mouse Manager
    Film Factory
    Foxit Reader
    Google Earth
    GSAK 6.6.0 Build 50 (Final)
    GSAK 7.6.1.27 (Final)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows XP (KB954550-v5)
    InterVideo Launcher
    InterVideo MediaOne Gallery
    InterVideo WinDVD
    iTunes
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    kgcbase
    KODAK AiO Home Center
    Kodak EasyShare software
    ksDIP
    LG USB Modem driver
    LimeWire 4.18.2
    Linksys Wireless Manager
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam
    Logitech® Camera Driver
    Macromedia Flash Player
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office OneNote 2003
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Small Business Accounting 2006
    Microsoft Office Visio Professional 2003
    Microsoft RichCopy 4.0
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Motorola Driver Installation
    Motorola USB Drivers
    Mozilla Firefox (3.6.21)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser
    Nero OEM
    netbrdg
    Norton Security Suite
    NVIDIA Drivers
    OfotoXMI
    oggcodecs 0.71.0946
    Palm Desktop
    PaperPort 7.02
    PC Inspector File Recovery
    PC Probe II
    PreReq
    PrimoDVD (English)
    Print Lab Series
    Pure Networks Platform
    QuickBooks Pro 2005
    QuickTime
    RealPlayer
    Rhapsody Player Engine
    SeaWorld Adventure Parks Tycoon 3D
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    SmartMusic 2011
    SmartMusic 2011a
    Sony CD Architect 5.2
    SoundMAX
    staticcr
    SureThing CD Labeler Deluxe 4
    tooltips
    Turbo Tax Audit Support Center 2.0
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2009 wtniper
    TurboTax Home & Business 2007
    USB Compound Device
    V CAST Music
    V CAST Music Essentials Manager
    Virtual Cable Tester
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    WIRELESS
    Yahoo! Music Jukebox
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/5/2011 8:54:23 AM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    9/5/2011 8:54:17 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    9/5/2011 8:53:42 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ===============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. kellidor

    kellidor TS Rookie Topic Starter

    Thank you for jumping in to help me!

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xBF9D5000 C:\WINDOWS\System32\nv4_disp.dll 3743744 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 61.76 )
    0xB9928000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 2461696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 61.76 )
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2150400 bytes
    0x804D7000 RAW 2150400 bytes
    0x804D7000 WMIxWDM 2150400 bytes
    0xBF800000 Win32k 1847296 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB4D79000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110906.024\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
    0xBA595000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB82AF000 C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
    0xB83D9000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB8348000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xB9824000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB84BE000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110903.030\IDSxpx86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
    0xB85D5000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB51C9000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
    0xB5A7D000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0xBA64C000 SYMEFA.SYS 323584 bytes
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB826D000 C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
    0xB5424000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB97BF000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 249856 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
    0xB9B81000 C:\WINDOWS\System32\DRIVERS\yk51x86.sys 245760 bytes (Marvell, NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller)
    0xB8579000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
    0xB83A6000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
    0xB98AA000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xBA753000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB5D7C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xBA568000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB383B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB8449000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB8496000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xBA781000 d347bus.sys 155648 bytes ( , PnP BIOS Extension)
    0xBA6FD000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB8553000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB9BE0000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB852E000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
    0xB8221000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB979B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB9C05000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB9761000 C:\WINDOWS\system32\drivers\adidts.sys 143360 bytes (Analog Devices, Inc., Analog Devices DTS Driver)
    0xB9BBD000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB8474000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E4000 ACPI_HAL 134400 bytes
    0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xBA6AD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xBA723000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB832A000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xBA54E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xBA6E5000 98304 bytes
    0xB8209000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xBA6CD000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB9784000 C:\WINDOWS\system32\drivers\AEAudio.sys 94208 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
    0xBA635000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB98EB000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB8519000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
    0xB5C4F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB4D25000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110906.024\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
    0xB9914000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB862E000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBA622000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xB9902000 C:\WINDOWS\System32\DRIVERS\bridge.sys 73728 bytes (Microsoft Corporation, MAC Bridge Driver)
    0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xBA69B000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xBA742000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB98DA000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB4F31000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBAAE8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA9A8000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xBA8B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xBAB08000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xB9C39000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xBA13B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBAAF8000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB6629000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA14B000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA8C8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA908000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBAB18000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xBA1AB000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA8E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA18B000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xBA9D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBAAD8000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA8D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA19B000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA928000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
    0xBA8A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA938000 ivicd.sys 40960 bytes (InterVideo, InterVideo C/DVD Filter Driver)
    0xBA15B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA9C8000 C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
    0xBA16B000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB37BB000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xBA8F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBAAC8000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA17B000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB9C29000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xBA918000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xB9C49000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBABD8000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
    0xBAC60000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBAC20000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)
    0xBAC68000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
    0xBABD0000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBABF0000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xBAC48000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBAB28000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBAC70000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)
    0xBABE8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xBABE0000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
    0xBABF8000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBAC00000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBABC8000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBAC50000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBAC38000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xBAC58000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBAB30000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBABC0000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
    0xBAC10000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBAC28000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Cisco Systems, Inc., NDIS Relay Driver)
    0xBAC18000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBAC08000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBAB90000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xBAD6C000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB708D000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xBAD58000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xBACB8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB9820000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xBA44F000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xBAD4C000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
    0xB989E000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xBAE22000 C:\WINDOWS\System32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
    0xBADF2000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
    0xBADDA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBADAE000 d347prt.sys 8192 bytes ( , SCSI miniport)
    0xBADAC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBAE00000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBADD6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBADA8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBADDC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBADDE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBAE24000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBADD8000 C:\WINDOWS\system32\drivers\udffsrec.sys 8192 bytes
    0xBAE26000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBADAA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBAEFF000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBAF13000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBAF20000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBAE70000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8A75A160 unknown_irp_handler 3744 bytes
    0x8A760160 unknown_irp_handler 3744 bytes
    0x8A70F178 unknown_irp_handler 3720 bytes
    0x8A8DC1C8 unknown_irp_handler 3640 bytes
    0x8A9C0278 unknown_irp_handler 3464 bytes
    0x8AC7B370 unknown_irp_handler 3216 bytes
    0x8AC79370 unknown_irp_handler 3216 bytes
    0x8AA4C690 unknown_irp_handler 2416 bytes
    0x8AFC1850 unknown_irp_handler 1968 bytes
    0x89A8A918 unknown_irp_handler 1768 bytes
    0x8AEB59D0 unknown_irp_handler 1584 bytes
    0x8A924D30 unknown_irp_handler 720 bytes
    0x8AFA1F28 unknown_irp_handler 216 bytes
    ==============================================
    >Stealth
    ==============================================

    -------------------------------------------------------------------------------------------------------

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-07 06:51:11
    -----------------------------
    06:51:11.812 OS Version: Windows 5.1.2600 Service Pack 3
    06:51:11.812 Number of processors: 2 586 0xF02
    06:51:11.812 ComputerName: SPAZ UserName:
    06:51:13.750 Initialize success
    06:53:57.656 AVAST engine defs: 11090700
    06:54:10.281 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e
    06:54:10.281 Disk 0 Vendor: WDC_WD2500JB-00GVC0 08.02D08 Size: 238475MB BusType: 3
    06:54:10.281 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
    06:54:10.281 Disk 1 Vendor: ST3250620NS 3.AEG Size: 238475MB BusType: 3
    06:54:10.296 Device \Driver\atapi -> DriverStartIo ba6ec864
    06:54:10.296 Device \Driver\atapi -> MajorFunction 8ac7b370
    06:54:12.328 Disk 1 MBR read successfully
    06:54:12.328 Disk 1 MBR scan
    06:54:12.390 Disk 1 Windows XP default MBR code
    06:54:12.390 Disk 1 scanning sectors +488376000
    06:54:12.437 Disk 1 scanning C:\WINDOWS\system32\drivers
    06:54:27.718 Service scanning
    06:54:28.578 Service WINIO D:\WINIO.sys **LOCKED** 21
    06:54:29.125 Modules scanning
    06:54:35.453 Disk 1 trace - called modules:
    06:54:35.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ac7b370]<<
    06:54:35.500 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8af97ab8]
    06:54:35.515 3 CLASSPNP.SYS[ba908fd7] -> nt!IofCallDriver -> \Device\00000088[0x8af989e8]
    06:54:35.515 5 ACPI.sys[ba759620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8af99940]
    06:54:35.515 \Driver\atapi[0x8afcdf38] -> IRP_MJ_CREATE -> 0x8ac7b370
    06:54:36.171 AVAST engine scan C:\WINDOWS
    06:54:48.656 AVAST engine scan C:\WINDOWS\system32
    06:57:30.234 AVAST engine scan C:\WINDOWS\system32\drivers
    06:57:52.125 AVAST engine scan C:\Documents and Settings\Kelly Comiskey
    07:26:31.953 AVAST engine scan C:\Documents and Settings\All Users
    07:44:40.171 Scan finished successfully
    07:50:09.453 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Kelly Comiskey\Desktop\Virus\MBR.dat"
    07:50:09.453 The log file has been saved successfully to "C:\Documents and Settings\Kelly Comiskey\Desktop\Virus\aswMBR.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. kellidor

    kellidor TS Rookie Topic Starter

    Here it is! Thanks!

    ComboFix 11-09-08.03 - Kelly Comiskey 09/08/2011 7:41.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2159 [GMT -5:00]
    Running from: c:\documents and settings\Kelly Comiskey\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Kelly Comiskey\Favorites\Scott The Piano Guy Houston's Web Store - Scott The Piano Guy Favorites & Holiday Songs Fakebook.ur
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\EnableBCM.exe.f16eb689.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\IEXPLORE.EXE.26e3ad32.ini.inuse
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\LogonHook.exe.3dc76509.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\MBKInstaller.exe.7de71b57.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.7da46d0d.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.c1b4c359.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\qbw32.exe.b02493ae.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\SBA.exe.d3e8cbeb.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\SL148.tmp.aadc42c8.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\SL4F6.tmp.fa2f4e97.ini
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\ApplicationHistory\SLD8.tmp.55eb9753.ini
    c:\documents and settings\Kelly Comiskey\My Documents\~of17C.tmp
    c:\documents and settings\Kelly Comiskey\WINDOWS
    c:\program files\alexa toolbar
    c:\program files\messenger\msmsgsin.exe
    c:\windows\bwUnin-6.1.4.36-8876480L.exe
    c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    c:\windows\daemon.dll
    c:\windows\system32\bszip.dll
    c:\windows\system32\Config.ini
    c:\windows\system32\E_FBCB9FA.DLL
    c:\windows\system32\E_FD4BCCA.DLL
    c:\windows\system32\spool\prtprocs\w32x86\Ppbiproc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-05 13:47 . 2011-09-05 13:47 -------- d-----w- c:\documents and settings\Kelly Comiskey\Application Data\Malwarebytes
    2011-09-05 13:46 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-05 13:46 . 2011-09-05 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-09-05 13:46 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-05 13:46 . 2011-09-05 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-05 13:29 . 2011-09-05 13:29 -------- d-----w- c:\program files\ESET
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kelly Comiskey\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kelly Comiskey\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kelly Comiskey\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kelly Comiskey\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
    "AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 582144]
    "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 1093632]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-07-12 4112384]
    "nwiz"="nwiz.exe" [2004-07-12 843776]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-07-12 81920]
    "DIRECTCD"="c:\program files\InterVideo\Disc Master 2.5\DirectCD.exe" [2005-10-25 299008]
    "WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-08-29 188416]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-08-29 77824]
    "BCA2000"="c:\windows\system32\bca2kcpan.exe" [2008-01-18 946176]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-03 198160]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Evoluent Mouse Manager.lnk - c:\windows\Installer\{A8323EF0-1E8A-4385-93ED-F97963793042}\_3E7D7F8C756EC1A9420DE2.exe [2010-7-13 1150]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
    "c:\\Program Files\\SmartMusic 2011\\smartmusic.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9323:TCP"= 9323:TCP:EKDiscovery
    "1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
    "9322:TCP"= 9322:TCP:EKDiscovery
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [3/19/2007 11:47 PM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [3/19/2007 11:47 PM 5248]
    R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [3/17/2007 5:59 AM 38784]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/5/2010 3:21 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/5/2010 3:21 AM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/5/2010 3:21 AM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110907.030\IDSXpx86.sys [9/7/2011 7:38 PM 356280]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 6:18 PM 308656]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/5/2010 3:21 AM 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/17/2011 2:50 AM 105592]
    S3 BCA2000;Behringer BCA2000 V2.1.0.6;c:\windows\system32\drivers\BCA2000.SYS [1/18/2008 6:57 PM 94624]
    S3 BCA2000WDM;Behringer BCA2000WDM V2.1.0.6;c:\windows\system32\drivers\BCA2000WDM.SYS [1/18/2008 6:57 PM 27328]
    S3 EloBus;Elobus Filter Driver;c:\windows\system32\DRIVERS\EloBus.sys --> c:\windows\system32\DRIVERS\EloBus.sys [?]
    S3 EloSer;Elo Serial Driver;c:\windows\system32\DRIVERS\EloSer.sys --> c:\windows\system32\DRIVERS\EloSer.sys [?]
    S3 evomouflt;Evoluent Mouse Filter Service;c:\windows\system32\drivers\evomouflt.sys [12/26/2007 2:03 PM 15872]
    S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys --> c:\windows\system32\drivers\IviUdf.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/5/2011 8:46 AM 41272]
    S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [4/6/2009 1:37 PM 900736]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [11/18/2007 1:04 AM 152576]
    S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [11/3/2009 8:36 PM 627072]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - udffsrec
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    Trusted Zone: wealthyaffiliate.com\members
    TCP: DhcpNameServer = 192.168.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Kelly Comiskey\Application Data\Mozilla\Firefox\Profiles\api6nyah.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-EPSON Stylus Photo R320 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
    HKLM-Run-EPSON Stylus Photo R320 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
    Notify-WgaLogon - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-08 07:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus Photo R320 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"????????????????????????????????p???g??w0??w????*??w???w????O??wj?A
    ???????????????]????w????????????????????T???????????g??w???w???????w???w??]????????????w????
    ???????????????????????????|??????????]?????????????O??ws??w???w'??wj?A?????????H?Y?????????O????FJ+
    "???????????4????a?wj?A?????????????????????????????T????b?w?????????????D??????????????h??w????????????z??w
    ????????8???????????`??
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3784)
    c:\windows\system32\nview.dll
    c:\documents and settings\Kelly Comiskey\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL
    c:\windows\system32\nvwddi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\windows\System32\nvsvc32.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Evoluent\VMouse\EvoMouExec.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\documents and settings\Kelly Comiskey\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\updater.exe
    c:\program files\Mozilla Firefox\uninstall\helper.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-08 07:54:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-08 12:53
    .
    Pre-Run: 135,613,378,560 bytes free
    Post-Run: 135,675,486,208 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - FC7CF74FE4218B3E2BE25C2E3E91A978
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. kellidor

    kellidor TS Rookie Topic Starter

    The computer is still running slow. Mostly on loading of apps and startup. The random typing is hard to peg because it tends to only do it these days when my daughter is trying to work on homework in ms word so I have her on her own machine.

    OTL logfile created on: 9/8/2011 9:34:48 PM - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Kelly Comiskey\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 70.00% Memory free
    4.34 Gb Paging File | 3.75 Gb Available in Paging File | 86.27% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 126.27 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
    Drive F: | 185.87 Gb Total Space | 24.88 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
    Drive G: | 47.00 Gb Total Space | 46.37 Gb Free Space | 98.66% Space Free | Partition Type: FAT32

    Computer Name: SPAZ | User Name: Kelly Comiskey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/08 21:33:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly Comiskey\Desktop\OTL.exe
    PRC - [2011/09/08 07:53:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/09/13 18:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    PRC - [2010/02/05 01:20:11 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    PRC - [2009/10/18 21:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/03/03 18:11:04 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/02/16 04:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    PRC - [2008/01/18 18:57:13 | 000,946,176 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- C:\WINDOWS\system32\bca2kcpan.exe
    PRC - [2007/12/26 14:06:04 | 000,147,456 | ---- | M] (Evoluent) -- C:\Program Files\Evoluent\VMouse\EvoMouExec.exe
    PRC - [2007/09/19 04:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    PRC - [2006/07/10 16:49:34 | 001,093,632 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    PRC - [2006/06/30 09:57:04 | 000,582,144 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
    PRC - [2006/05/16 21:46:18 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    PRC - [2005/01/21 03:47:02 | 000,270,336 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/08 07:53:38 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
    MOD - [2011/01/11 18:32:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Localization\5.4.6.4__5cc7ad8abd921325\Inkjet.Localization.dll
    MOD - [2011/01/11 18:32:14 | 000,067,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Utilities\5.4.6.4__5cc7ad8abd921325\Inkjet.Utilities.dll
    MOD - [2011/01/11 18:32:14 | 000,031,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Statistics\5.4.6.4__5cc7ad8abd921325\Inkjet.Statistics.dll
    MOD - [2011/01/11 18:32:13 | 000,153,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Hardware\5.4.6.4__5cc7ad8abd921325\Inkjet.Hardware.dll
    MOD - [2011/01/11 18:32:12 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Diagnostics\5.4.6.4__5cc7ad8abd921325\Inkjet.Diagnostics.dll
    MOD - [2011/01/11 18:32:12 | 000,034,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.DeviceSettings\5.4.6.4__5cc7ad8abd921325\Inkjet.DeviceSettings.dll
    MOD - [2011/01/11 18:32:11 | 000,058,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Automation\5.4.6.4__5cc7ad8abd921325\Inkjet.Automation.dll
    MOD - [2011/01/11 17:49:24 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/02/05 11:34:59 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    MOD - [2010/02/05 11:34:59 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2010/02/05 11:34:58 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2010/02/05 11:34:57 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2010/02/05 11:34:57 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2010/02/05 11:34:57 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2010/02/05 11:34:57 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2010/02/05 11:34:57 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2010/02/05 11:34:55 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2010/02/05 11:34:54 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2010/02/05 11:34:54 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2010/02/05 11:34:54 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2010/02/05 11:11:23 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
    MOD - [2010/02/05 11:11:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2abd876a3c8a6b088fa6d8d39d901e3c\System.Runtime.Remoting.ni.dll
    MOD - [2010/02/05 11:11:01 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
    MOD - [2010/02/05 11:10:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
    MOD - [2010/02/05 11:08:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
    MOD - [2010/02/05 11:08:41 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
    MOD - [2010/02/05 11:08:28 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
    MOD - [2010/02/05 11:06:48 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
    MOD - [2010/02/05 11:06:38 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
    MOD - [2010/02/05 11:05:58 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2010/02/05 11:05:58 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2010/02/05 11:05:57 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/02/05 11:05:56 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/02/05 11:05:51 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2010/02/05 11:05:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/02/05 11:05:50 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2010/02/05 11:05:49 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2010/02/05 11:05:46 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2010/02/05 11:05:41 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2009/01/30 14:37:28 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2009/01/30 14:37:28 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2009/01/30 14:37:27 | 000,400,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2009/01/30 14:37:27 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2009/01/30 14:37:27 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2009/01/30 14:37:26 | 000,217,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.2__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2009/01/30 14:37:26 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2009/01/30 14:37:26 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2009/01/30 14:37:26 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2009/01/30 13:40:24 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
    MOD - [2009/01/30 13:40:23 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2009/01/30 13:40:21 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
    MOD - [2009/01/30 13:40:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
    MOD - [2009/01/30 13:40:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
    MOD - [2009/01/30 13:40:20 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
    MOD - [2008/12/12 19:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2008/12/12 19:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    MOD - [2008/04/01 18:31:50 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    MOD - [2008/04/01 18:31:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    MOD - [2008/04/01 18:31:49 | 002,052,096 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll
    MOD - [2008/04/01 18:31:49 | 001,339,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll
    MOD - [2008/04/01 18:31:49 | 000,835,584 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll
    MOD - [2008/04/01 18:31:49 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll
    MOD - [2008/04/01 18:31:49 | 000,770,048 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll
    MOD - [2008/04/01 18:31:49 | 000,495,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll
    MOD - [2008/04/01 18:31:49 | 000,430,080 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll
    MOD - [2008/04/01 18:31:49 | 000,233,472 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    MOD - [2008/04/01 18:31:48 | 000,338,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
    MOD - [2008/04/01 18:31:48 | 000,114,176 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
    MOD - [2008/04/01 18:31:48 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    MOD - [2008/04/01 18:31:48 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
    MOD - [2008/04/01 18:31:48 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    MOD - [2008/04/01 18:31:48 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    MOD - [2008/04/01 18:31:48 | 000,013,824 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\MEshim.dll
    MOD - [2008/04/01 18:31:48 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    MOD - [2008/04/01 18:31:47 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
    MOD - [2008/04/01 18:31:47 | 001,064,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    MOD - [2008/04/01 18:31:47 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    MOD - [2008/04/01 18:31:47 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
    MOD - [2008/04/01 18:31:47 | 000,343,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
    MOD - [2008/04/01 18:31:47 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    MOD - [2008/04/01 18:31:47 | 000,307,200 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    MOD - [2008/04/01 18:31:47 | 000,257,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
    MOD - [2008/04/01 18:31:47 | 000,231,424 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    MOD - [2008/04/01 18:31:47 | 000,172,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
    MOD - [2008/04/01 18:31:47 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    MOD - [2008/04/01 18:31:47 | 000,096,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    MOD - [2008/04/01 18:31:47 | 000,082,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    MOD - [2008/04/01 18:31:47 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
    MOD - [2008/04/01 18:31:47 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2007/04/02 07:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
    MOD - [2006/07/10 16:49:34 | 001,093,632 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    MOD - [2006/06/30 09:57:04 | 000,582,144 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
    MOD - [2006/05/30 14:40:02 | 000,028,672 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
    MOD - [2006/01/10 03:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
    MOD - [2003/10/21 01:31:30 | 000,102,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.01\cpuutil.dll
    MOD - [2001/10/24 13:36:54 | 000,006,915 | ---- | M] () -- C:\WINDOWS\system32\LANGMON.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
    SRV - File not found [Unknown | Stopped] -- -- (McShield)
    SRV - [2010/09/13 18:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2010/02/05 01:20:11 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/08/17 20:33:37 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110908.030\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/08/13 02:54:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110908.016\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/08/13 02:54:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/08/13 02:54:58 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/08/13 02:54:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110908.016\NAVENG.SYS -- (NAVENG)
    DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/02/05 01:20:20 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/02/05 01:20:13 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/02/05 01:20:13 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
    DRV - [2010/02/05 01:20:13 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/02/05 01:20:13 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
    DRV - [2010/02/05 01:20:13 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/05 01:20:13 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2010/02/05 01:20:13 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2010/02/05 01:20:13 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2010/02/05 01:20:13 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
    DRV - [2010/02/05 01:20:12 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/05 01:20:12 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/12/04 08:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
    DRV - [2008/01/18 18:57:13 | 000,094,624 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCA2000.SYS -- (BCA2000)
    DRV - [2008/01/18 18:57:13 | 000,027,328 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCA2000WDM.SYS -- (BCA2000WDM)
    DRV - [2007/12/26 14:03:38 | 000,015,872 | ---- | M] (Evoluent) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evomouflt.sys -- (evomouflt)
    DRV - [2007/07/24 11:47:06 | 000,900,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mosuport.sys -- (mosuport)
    DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2006/06/15 03:02:22 | 000,142,464 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
    DRV - [2006/05/23 09:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2005/12/21 21:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2005/01/12 07:29:28 | 000,038,784 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ivicd.sys -- (ivicd)
    DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
    DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\d347bus.sys -- (d347bus)
    DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/15 22:41:10 | 000,152,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-448539723-1644491937-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-448539723-1644491937-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..network.proxy.no_proxies_on: "localhost"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/25 20:38:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 07:54:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 07:54:41 | 000,000,000 | ---D | M]

    [2009/09/09 13:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly Comiskey\Application Data\Mozilla\Extensions
    [2007/11/28 16:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly Comiskey\Application Data\Mozilla\Firefox\Profiles\api6nyah.default\extensions
    [2011/09/08 07:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/25 20:38:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
    [2011/09/08 07:47:38 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN

    O1 HOSTS File: ([2011/09/08 07:48:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (no name) - 0<º - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No CLSID value found.
    O3 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
    O4 - HKLM..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe ()
    O4 - HKLM..\Run: [BCA2000] C:\WINDOWS\system32\bca2kcpan.exe (Behringer Spezielle Studiotechnik GmbH)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DIRECTCD] C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WINCINEMAMGR] C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O4 - HKU\S-1-5-21-448539723-1644491937-839522115-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk = C:\WINDOWS\Installer\{A8323EF0-1E8A-4385-93ED-F97963793042}\_3E7D7F8C756EC1A9420DE2.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: intuit.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: turbotax.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: wealthyaffiliate.com ([members] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} https://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265378970750 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265378957218 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab (moDiagCollectionActiveX Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FBDA7DD-2685-4E6D-9DF2-64110FB38409}: DhcpNameServer = 68.87.68.166 68.87.74.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63FBE7B3-0857-491B-A885-597E59FFC75A}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Kelly Comiskey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kelly Comiskey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/03/17 04:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2003/12/05 14:10:44 | 000,000,071 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/08 21:33:49 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly Comiskey\Desktop\OTL.exe
    [2011/09/08 07:40:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/09/08 07:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/09/08 07:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/09/08 07:36:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/09/08 07:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/08 07:36:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/09/08 07:36:46 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/09/08 07:36:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/08 07:32:35 | 004,200,409 | R--- | C] (Swearware) -- C:\Documents and Settings\Kelly Comiskey\Desktop\ComboFix.exe
    [2011/09/05 12:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Laptop
    [2011/09/05 09:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Comiskey\Desktop\Virus
    [2011/09/05 08:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Malwarebytes
    [2011/09/05 08:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/05 08:46:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/09/05 08:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/09/05 08:46:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/05 08:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/05 08:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2007/03/19 23:47:16 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
    [2007/03/19 23:47:16 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  8. kellidor

    kellidor TS Rookie Topic Starter

    ========== Files - Modified Within 30 Days ==========

    [2011/09/08 21:33:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly Comiskey\Desktop\OTL.exe
    [2011/09/08 07:49:55 | 000,108,308 | ---- | M] () -- C:\logfile
    [2011/09/08 07:48:31 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
    [2011/09/08 07:48:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/08 07:47:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/08 07:47:33 | 3220,361,216 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/08 07:47:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/08 07:40:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/09/08 07:32:38 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Kelly Comiskey\Desktop\ComboFix.exe
    [2011/09/07 14:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/09/05 07:34:14 | 014,732,670 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\Desktop\90-day business fast start.mp3
    [2011/09/05 07:31:31 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\Desktop\90-DayBizFastStart May 29 at 7 PM Central.URL
    [2011/08/13 19:22:47 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/08 07:40:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/09/08 07:40:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/09/08 07:36:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/08 07:36:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/08 07:36:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/09/08 07:36:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/09/08 07:36:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/09/05 07:34:14 | 014,732,670 | ---- | C] () -- C:\Documents and Settings\Kelly Comiskey\Desktop\90-day business fast start.mp3
    [2011/06/28 15:33:41 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/22 15:07:53 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Kelly Comiskey\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/11/21 12:05:04 | 000,098,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/02/05 11:59:40 | 002,462,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/11/03 20:36:17 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2009/10/02 17:57:09 | 000,038,473 | ---- | C] () -- C:\Documents and Settings\Kelly Comiskey\Application Data\Microsoft Excel.ADR
    [2009/04/06 13:37:22 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SerialMP.exe
    [2009/04/06 13:37:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\MosUsbPrintConfig.exe
    [2009/04/06 13:37:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ParallelMP.exe
    [2009/04/06 13:37:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\PConfig.ini
    [2009/04/06 13:37:11 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\MosUsbSerial.exe
    [2009/04/06 13:37:11 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\ppspCoInst.dll
    [2009/04/06 13:37:10 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\MosUSBParallel.exe
    [2009/04/06 13:37:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\MosUSBSerPropPage.dll
    [2009/04/06 13:37:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\MosUSBParPropPage.dll
    [2009/04/06 13:37:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dbgmsgcfg.dll
    [2009/04/06 13:37:08 | 000,900,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\mosuport.sys
    [2009/04/06 13:37:07 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\MosUnst.exe
    [2008/11/13 14:07:09 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini
    [2008/04/25 19:55:14 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/04/01 18:36:00 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Kelly Comiskey\Local Settings\Application Data\kodakpcd.ini
    [2008/01/04 15:05:36 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
    [2008/01/04 09:32:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\gr6rlzay.dll
    [2008/01/04 09:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/12/06 10:07:22 | 000,001,279 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/11/28 16:12:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/11/18 01:04:39 | 000,015,387 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/11/18 01:04:06 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2007/11/01 12:12:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2007/11/01 12:12:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2007/11/01 12:12:26 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2007/11/01 12:12:26 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2007/11/01 12:12:26 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2007/11/01 12:12:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2007/11/01 12:12:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2007/11/01 12:12:26 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2007/11/01 12:12:26 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2007/11/01 12:12:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2007/11/01 12:12:26 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2007/11/01 12:12:26 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2007/11/01 12:12:10 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
    [2007/10/30 12:19:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\softy.ini
    [2007/09/06 14:23:16 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/05/14 10:41:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2007/05/01 09:06:24 | 000,002,194 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\SAS7_000.DAT
    [2007/04/26 11:07:42 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
    [2007/04/26 08:56:54 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
    [2007/04/22 12:23:14 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Kelly Comiskey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/19 14:02:36 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2007/04/19 14:02:25 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
    [2007/04/19 14:02:18 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2007/04/19 13:43:21 | 000,001,451 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2007/04/19 13:42:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
    [2007/04/19 13:41:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
    [2007/04/19 13:39:08 | 000,001,318 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2007/04/19 13:39:08 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
    [2007/04/19 13:39:05 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
    [2007/04/19 13:39:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
    [2007/04/19 13:39:05 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
    [2007/04/19 13:38:53 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
    [2007/04/03 12:23:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2007/03/28 11:20:26 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2007/03/28 09:14:44 | 000,022,283 | ---- | C] () -- C:\Documents and Settings\Kelly Comiskey\Application Data\Comma Separated Values (Windows).ADR
    [2007/03/20 02:03:49 | 000,003,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\SAS7_000.DAT
    [2007/03/20 01:48:11 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2007/03/20 01:48:11 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2007/03/20 01:48:11 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2007/03/20 01:48:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/03/20 01:43:03 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
    [2007/03/20 01:42:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR320.ini
    [2007/03/20 00:16:21 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Kelly Comiskey\Local Settings\Application Data\fusioncache.dat
    [2007/03/20 00:05:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/03/17 23:43:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/03/17 23:42:19 | 000,443,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/03/17 06:03:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\mws.exe
    [2007/03/17 05:59:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/03/17 05:59:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/03/17 05:59:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/03/17 05:59:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/03/17 05:59:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/03/17 05:59:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/03/17 05:59:20 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\udffsrec.sys
    [2007/03/17 05:59:08 | 000,026,694 | ---- | C] () -- C:\WINDOWS\HWS.exe
    [2007/03/17 05:59:08 | 000,026,694 | ---- | C] () -- C:\WINDOWS\HMD.exe
    [2007/03/17 05:35:43 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2007/03/17 05:28:22 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2007/03/17 05:28:22 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2007/03/17 05:28:20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
    [2007/03/17 05:28:20 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
    [2007/03/17 05:04:11 | 000,022,236 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2007/03/17 05:03:43 | 000,021,724 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/03/17 05:03:42 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2007/03/17 05:03:39 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/03/17 04:59:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/03/17 04:55:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2005/09/29 03:23:33 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2004/07/30 14:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
    [2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/08/29 07:00:00 | 000,593,130 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/08/29 07:00:00 | 000,119,812 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/08/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/10/24 13:36:54 | 000,006,915 | ---- | C] () -- C:\WINDOWS\System32\LANGMON.DLL
    [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2008/07/09 11:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2011/01/17 22:04:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/01/17 22:56:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2009/05/21 07:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
    [2007/11/01 12:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2009/09/14 10:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
    [2010/10/27 19:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
    [2007/03/20 00:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Parker Software
    [2007/03/28 10:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
    [2010/11/21 11:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/05/11 20:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Amazon
    [2011/06/04 18:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Canon
    [2011/09/05 07:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Dropbox
    [2007/11/18 01:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\FotoWire
    [2007/03/17 05:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\InterVideo
    [2007/03/20 01:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Leadertech
    [2009/09/08 20:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\LimeWire
    [2010/10/27 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\MakeMusic
    [2007/03/20 00:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\NetMedia Providers
    [2007/03/20 00:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Publish Providers
    [2010/09/13 20:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\SignupShield
    [2007/05/14 10:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Smith Micro
    [2007/03/20 00:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Sony
    [2011/01/11 18:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly Comiskey\Application Data\Temp

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/03/17 04:57:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/04/03 12:29:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/09/08 07:40:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/09/08 07:55:01 | 000,018,022 | ---- | M] () -- C:\ComboFix.txt
    [2007/03/17 04:57:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/04/11 03:32:48 | 000,000,051 | ---- | M] () -- C:\delnis.bat
    [2007/10/14 18:34:10 | 000,023,336 | ---- | M] () -- C:\formmail.php
    [2011/09/08 07:47:33 | 3220,361,216 | -HS- | M] () -- C:\hiberfil.sys
    [2007/03/17 04:57:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/09/08 07:49:55 | 000,108,308 | ---- | M] () -- C:\logfile
    [2007/11/18 01:03:55 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
    [2007/03/17 04:57:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/04/03 12:26:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/02/05 10:31:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/09/08 07:47:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2007/12/02 16:54:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/12/02 16:54:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/12/02 17:02:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2007/12/02 16:54:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/12/02 16:54:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/12/02 17:02:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2007/06/05 13:14:19 | 000,011,392 | ---- | M] () -- C:\wialog.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/03/17 04:57:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/03/24 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA0.DLL
    [2009/03/24 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA0.DLL
    [2010/09/02 09:17:50 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2001/05/07 18:14:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\Film Factory.scr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/03/17 23:41:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2007/03/17 23:41:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2007/03/17 23:41:16 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/02/05 10:39:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/04/03 12:44:43 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Kelly Comiskey\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/03/17 05:00:58 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/08 07:32:38 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Kelly Comiskey\Desktop\ComboFix.exe
    [2011/09/08 21:33:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly Comiskey\Desktop\OTL.exe
    [2009/03/03 18:07:52 | 000,476,696 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Kelly Comiskey\Desktop\RealPlayer11GOLD.exe
    [2006/05/01 08:46:00 | 001,704,564 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\Kelly Comiskey\Desktop\yourgenerator.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2007/03/17 05:59:52 | 000,000,065 | ---- | M] () -- C:\Program Files\Common Files\appop.log

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2003/07/14 14:36:04 | 000,648,900 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\My Documents\cep2cdr.exe
    [2003/07/09 09:19:42 | 004,008,129 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\My Documents\DivX505Bundle.exe
    [2003/04/24 23:34:10 | 000,297,528 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kelly Comiskey\My Documents\dxwebsetup.exe
    [2003/06/24 16:38:58 | 013,624,181 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\My Documents\nero551035.exe
    [2003/04/24 23:42:58 | 014,901,344 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\My Documents\SONAR2_2Demo.exe
    [2003/07/09 08:59:44 | 003,468,472 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\My Documents\winamp3_0-full.exe
    [2003/07/18 15:12:08 | 001,897,672 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\My Documents\winzip81.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/04/03 12:44:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Kelly Comiskey\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/09/08 08:01:17 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\Kelly Comiskey\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/09/22 19:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [2006/06/23 01:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/29 07:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/04/13 19:11:59 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/29 07:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/29 07:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/29 07:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
    -------------------------------------------------------------------------------------------------------------------

    OTL Extras logfile created on: 9/8/2011 9:34:48 PM - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Kelly Comiskey\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 70.00% Memory free
    4.34 Gb Paging File | 3.75 Gb Available in Paging File | 86.27% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 126.27 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
    Drive F: | 185.87 Gb Total Space | 24.88 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
    Drive G: | 47.00 Gb Total Space | 46.37 Gb Free Space | 98.66% Space Free | Partition Type: FAT32

    Computer Name: SPAZ | User Name: Kelly Comiskey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
    "1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
    "500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
    "1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
    "1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
    "500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017
    "9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
    "5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
    "C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe" = C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
    "C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
    "C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
    "C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
    "C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
    "C:\Program Files\SmartMusic 2011\smartmusic.exe" = C:\Program Files\SmartMusic 2011\smartmusic.exe:*:Enabled:SmartMusic -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{0D442113-1F96-40DE-948C-5850CE7B8005}" = Motorola Driver Installation
    "{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{0F4B6DA7-29B3-4481-B50C-F74862A363C7}" = PrimoDVD (English)
    "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
    "{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = Ai Suite
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
    "{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CD1ADA0-EAA2-012B-AEBD-000000000000}" = TurboTax 2009 wtniper
    "{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
    "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{7A1F1E81-A017-43EE-8A24-E88878164C91}" = SeaWorld Adventure Parks Tycoon 3D
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
    "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
    "{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}" = InterVideo Launcher
    "{8E0E1270-9638-4DD9-B5C7-9F0887C2135F}" = Sony CD Architect 5.2
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A8323EF0-1E8A-4385-93ED-F97963793042}" = Evoluent Mouse Manager
    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
    "{AC76D478-1033-0000-3478-000000000001}" = Adobe Acrobat Distiller 6.0
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D87D6386-3C2D-4239-9780-3418FB7B0E94}" = Print Lab Series
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
    "{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 2.0
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
    "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F413D795-B077-4A96-AE75-810BBA673A0E}" = Microsoft Office Small Business Accounting 2006
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe PageMaker 6.5" = Adobe PageMaker 6.5
    "Adobe PageMaker 7.0" = Adobe PageMaker 7.0
    "Adobe Photoshop 5.5" = Adobe Photoshop 5.5
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "ArcSoft PhotoImpression 3.0" = ArcSoft PhotoImpression 3.0
    "Audit Support Center" = Audit Support Center 1.0
    "BandlinkCDNetwork" = Bandlink
    "Business Mentor" = Business Mentor
    "Canon MP560 series User Registration" = Canon MP560 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESET Online Scanner" = ESET Online Scanner v3
    "Film Factory" = Film Factory
    "Foxit Reader" = Foxit Reader
    "GSAK" = GSAK 6.6.0 Build 50 (Final)
    "GSAK_is1" = GSAK 7.6.1.27 (Final)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InfraRecorder" = InfraRecorder
    "LimeWire" = LimeWire 4.18.2
    "Linksys Wireless Manager" = Linksys Wireless Manager
    "Logitech Print Service" = Logitech Print Service
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2008b" = Microsoft Money Plus
    "Motorola USB Drivers" = Motorola USB Drivers
    "Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "MVApplication1" = SureThing CD Labeler Deluxe 4
    "N360" = Norton Security Suite
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "oggcodecs" = oggcodecs 0.71.0946
    "PaperPort 7.02" = PaperPort 7.02
    "QcDrv" = Logitech® Camera Driver
    "RealPlayer 6.0" = RealPlayer
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "Silent Package Run-Time Sample" = EPSON C120 User's Guide
    "SmartMusic 2011" = SmartMusic 2011
    "SmartMusic 2011a" = SmartMusic 2011a
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax Home & Business 2007" = TurboTax Home & Business 2007
    "USB Compound Device" = USB Compound Device
    "VCast Music Essentials Manager" = V CAST Music Essentials Manager
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
     
  9. kellidor

    kellidor TS Rookie Topic Starter

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/5/2010 11:49:24 AM | Computer Name = SPAZ | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 2/5/2010 11:49:27 AM | Computer Name = SPAZ | Source = LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is incorrectly
    formatted.
    The bogus string is 4874, the bogus index value is the first DWORD in Data section
    while the last valid index values are the second and third DWORD in Data section.

    Error - 2/5/2010 12:56:48 PM | Computer Name = SPAZ | Source = .NET Runtime | ID = 1023
    Description = .NET Runtime version 2.0.50727.3082 - Unrecoverable system error.

    Error - 2/5/2010 12:56:52 PM | Computer Name = SPAZ | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 turbotax.exe, P2 2009.9.7.202, P3 4b47a0e5,
    P4 windowsbase, P5 3.0.0.0, P6 488f1338, P7 da, P8 1b, P9 fatalerror, P10 NIL.

    Error - 2/5/2010 12:58:42 PM | Computer Name = SPAZ | Source = .NET Runtime | ID = 1023
    Description = .NET Runtime version 2.0.50727.3082 - Unrecoverable system error.

    Error - 2/5/2010 12:58:44 PM | Computer Name = SPAZ | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 turbotax.exe, P2 2009.9.7.202, P3 4b47a0e5,
    P4 windowsbase, P5 3.0.0.0, P6 488f1338, P7 da, P8 1b, P9 fatalerror, P10 NIL.

    Error - 2/16/2010 9:54:33 PM | Computer Name = SPAZ | Source = Application Error | ID = 1000
    Description = Faulting application aiohomecenter.exe, version 3.40.1208.0, faulting
    module aiohomecenter.ni.exe, version 3.40.1208.0, fault address 0x008091cc.

    Error - 2/16/2010 9:57:34 PM | Computer Name = SPAZ | Source = Application Error | ID = 1000
    Description = Faulting application aiohomecenter.exe, version 3.40.1208.0, faulting
    module aiohomecenter.ni.exe, version 3.40.1208.0, fault address 0x008091cc.

    Error - 2/17/2010 10:55:08 AM | Computer Name = SPAZ | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 2/17/2010 11:56:47 AM | Computer Name = SPAZ | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, stamp 48025c30,
    faulting module user32.dll, version 5.1.2600.5512, stamp 4802a11b, debug? 0, fault
    address 0x0000bc2c.

    [ System Events ]
    Error - 8/24/2011 1:18:20 PM | Computer Name = SPAZ | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {9EF249FE-3AFE-4BD0-BE45-CBB6B7F70090}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.

    Error - 8/24/2011 1:18:52 PM | Computer Name = SPAZ | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 8/24/2011 1:19:22 PM | Computer Name = SPAZ | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 9/5/2011 9:53:42 AM | Computer Name = SPAZ | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 9/5/2011 9:54:17 AM | Computer Name = SPAZ | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 9/5/2011 9:54:23 AM | Computer Name = SPAZ | Source = Service Control Manager | ID = 7034
    Description = The Intuit Update Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/7/2011 7:39:58 AM | Computer Name = SPAZ | Source = Service Control Manager | ID = 7000
    Description = The McAfee Real-time Scanner service failed to start due to the following
    error: %%3

    Error - 9/7/2011 7:40:06 AM | Computer Name = SPAZ | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {9EF249FE-3AFE-4BD0-BE45-CBB6B7F70090}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.

    Error - 9/8/2011 8:47:39 AM | Computer Name = SPAZ | Source = Service Control Manager | ID = 7000
    Description = The McAfee Real-time Scanner service failed to start due to the following
    error: %%3

    Error - 9/8/2011 8:47:47 AM | Computer Name = SPAZ | Source = RemoteAccess | ID = 20106
    Description = Unable to add the interface {9EF249FE-3AFE-4BD0-BE45-CBB6B7F70090}
    with the Router Manager for the IP protocol. The following error occurred: Cannot
    complete this function.


    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
      SRV - File not found [Unknown | Stopped] -- -- (McShield)
      DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
      DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
      DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
      DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
      DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
      IE - HKU\S-1-5-21-448539723-1644491937-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O3 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No CLSID value found.
      O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
      O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: intuit.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: turbotax.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-448539723-1644491937-839522115-1003\..Trusted Domains: wealthyaffiliate.com ([members] http in Trusted sites)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2008/07/09 11:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  11. kellidor

    kellidor TS Rookie Topic Starter

    Ran it. You didn't say to post the log so I'm taking this one back out as it is huge.

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------
     
  12. kellidor

    kellidor TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Service McSysmon stopped successfully!
    Service McSysmon deleted successfully!
    Error: No service named McShield was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield deleted successfully.
    Error: Unable to stop service mfehidk!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfehidk deleted successfully.
    C:\WINDOWS\system32\drivers\mfehidk.sys moved successfully.
    Service mfeavfk stopped successfully!
    Service mfeavfk deleted successfully!
    C:\WINDOWS\system32\drivers\mfeavfk.sys moved successfully.
    Service mfesmfk stopped successfully!
    Service mfesmfk deleted successfully!
    C:\WINDOWS\system32\drivers\mfesmfk.sys moved successfully.
    Service mfebopk stopped successfully!
    Service mfebopk deleted successfully!
    C:\WINDOWS\system32\drivers\mfebopk.sys moved successfully.
    Service mferkdk stopped successfully!
    Service mferkdk deleted successfully!
    C:\WINDOWS\system32\drivers\mferkdk.sys moved successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-448539723-1644491937-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF}\ not found.
    Registry key HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
    Registry key HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-448539723-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wealthyaffiliate.com\members\ deleted successfully.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\WINDOWS\002507_.tmp deleted successfully.
    C:\WINDOWS\005955_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SETA.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET54.tmp deleted successfully.
    C:\WINDOWS\System32\SET60.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Avg7 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Kelly Comiskey
    ->Temp folder emptied: 20421052 bytes
    ->Temporary Internet Files folder emptied: 16262351 bytes
    ->Java cache emptied: 7458024 bytes
    ->FireFox cache emptied: 81796500 bytes
    ->Flash cache emptied: 4098143 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 111759 bytes
    ->FireFox cache emptied: 3347331 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 127.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Kelly Comiskey
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.27.0 log created on 09102011_071102

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\JETABE0.tmp not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_200.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_214.dat not found!

    Registry entries deleted on Reboot...
     
  13. kellidor

    kellidor TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 27
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Flash Player 10.1.102.64
    Adobe Reader 7.0.9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.22)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
     
  14. kellidor

    kellidor TS Rookie Topic Starter

    ESET showed no viruses
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Uninstall:
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===============================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  16. kellidor

    kellidor TS Rookie Topic Starter

    Since we were creating a new restore point, I also uninstalled Kodak software as I do not have that printer anymore.

    Everything is running much faster now! Thank you!!!

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kelly Comiskey
    ->Temp folder emptied: 1565969 bytes
    ->Temporary Internet Files folder emptied: 2515980 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 32274205 bytes
    ->Flash cache emptied: 456 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 265935 bytes

    Total Files Cleaned = 35.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Kelly Comiskey
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.27.0 log created on 09112011_073706

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\JETB313.tmp not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_298.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2f0.dat not found!

    Registry entries deleted on Reboot...
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Yes!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...