Blackhole and Malicious Toolkit my PC attacking own PC?


  • This topic is locked

#31
Midwestgirl

    Member

  • Topic Starter
  • 25 posts
It is WORSE! I ran the Kaspersky and it froze twice on me and both times I had to push and hold the power button to get the PC to turn off. Third, I pasted the text you told me in the last post and it froze again on the OTL. I would like to know what are the issues you see in my logs that you are requesting me to run these programs for? Thanks and sorry I'm frustrated with this.....
  • 0



#32
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

It is WORSE! I ran the Kaspersky and it froze twice on me and both times I had to push and hold the power button to get the PC to turn off. Third, I pasted the text you told me in the last post and it froze again on the OTL. I would like to know what are the issues you see in my logs that you are requesting me to run these programs for? Thanks and sorry I'm frustrated with this.....


The last fix was intended only to remove the tools we use (specifically the Kaspersky Virus Removal Tool drivers) as I am already starting the cleanup. I am sorry if this is not going the way I intended. In fact the log is showing 46% free memory, which is supposed to show a big improvement theoretically.

Could you restart the machine, then test again and see if it's any different?
  • 0

#33
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
What is the make and model of your machine?
  • 0

#34
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Step One

We need to install an updated ATI Catalyst Driver. Download from here.


Step Two

Next, we will use ComboFix to remove faulty services that delay boot-up, as each of these contributes to the slow booting.

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AfaService)


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Driver::
SessionLauncher
rpcapd
RoxLiveShare10
AppMgmt
AfaService


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step Three

--We need to temporarily remove Windows Desktop Search and Roxio as they're causing a problem. You may reinstall them again after we are finished. If you are not happy about doing this, please let me know before proceeding. RealPlayer and DivX need to be uninstalled as well.

--µTorrent is a peer-to-peer (P2P) program. This kind of application can provide a medium for entry of unverified data which tend to corrupt your system - a great way to infect your computer. Those who participate in P2P file sharing both provide files for others to download by uploading them onto their computers. They also download the files of others who have uploaded music and videos onto their own computers. Many times, however, networks will make it so your own files can be uploaded by others.

You may consider that P2P downloads are one of the most common ways of getting infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.

You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

--Norton products also need to be uninstalled and replaced with the free version of Avast 6.

  • Go to Control Panel then Add / Remove programs.
  • Locate the following applications and uninstall all instances:

Windows Desktop Search
Roxio
RealPlayer
DivX
uTorrent
Norton


Then install the free version of Avast 6 as your antivirus. You may download the installer here.


Step Four

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, post the log in your next reply
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Note: Please have the original windows installation CD handy.

If you have any questions, feel free to ask.
  • 0
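
A cross-check of the CFScript in Step Two against OTL service lines, as an added example that is not part of the original posts and is not code from OTL or ComboFix. It parses `SRV`/`DRV` lines, reads the names under `Driver::`, and reports which listed names the log shows as "File not found", which still have a file on disk, and which orphaned entries the script leaves out. The sample log reuses service lines quoted in this thread plus one constructed entry (`ExampleOrphanSvc`); all function and field names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL service line: "SRV"/"DRV", then either "File not found" or a
# [file metadata] (Company) pair, then [start | status], path, (name).
_LINE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>.*?)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) ?-- "
    r"\((?P<name>[^)]*)\)(?: (?P<display>.*))?$"
)


@dataclass(frozen=True)
class Entry:
    kind: str           # "SRV" (Win32 service) or "DRV" (driver service)
    name: str           # name OTL prints in parentheses
    start: str          # Auto, On_Demand, Boot, System, Unknown
    status: str         # Running or Stopped
    path: str           # empty when OTL reports "File not found"
    file_missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for any other log line."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    # SRV has [start | status]; DRV has [type | start | status].
    parts = [p.strip() for p in m.group("state").split("|")]
    if len(parts) < 2:
        return None
    return Entry(m.group("kind"), m.group("name"), parts[-2], parts[-1],
                 m.group("path").strip(), m.group("missing") is not None)


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Section::' blocks (File, Driver, ...)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def review_script(script: str, log: str) -> Dict[str, List[str]]:
    """Compare the Driver:: names with what the log actually shows."""
    entries: Dict[str, Entry] = {}
    for line in log.splitlines():
        entry = parse_entry(line)
        if entry:
            entries[entry.name.lower()] = entry  # service names ignore case
    listed = parse_cfscript(script).get("Driver", [])
    result: Dict[str, List[str]] = {
        "confirmed": [], "file_present": [], "not_in_log": []}
    for name in listed:
        entry = entries.get(name.lower())
        if entry is None:
            result["not_in_log"].append(name)     # no evidence in this log
        elif entry.file_missing:
            result["confirmed"].append(name)      # orphaned, as the script assumes
        else:
            result["file_present"].append(name)   # would remove a live service
    listed_lower = {n.lower() for n in listed}
    result["unlisted_orphans"] = [
        e.name for e in entries.values()
        if e.file_missing and e.name.lower() not in listed_lower]
    return result


# Service lines quoted in this thread; the last line is constructed.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AfaService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - File not found [Auto | Stopped] -- -- (ExampleOrphanSvc)
"""

# The CFScript from Step Two.
SAMPLE_SCRIPT = """File::

Folder::

Registry::

Driver::
SessionLauncher
rpcapd
RoxLiveShare10
AppMgmt
AfaService
"""

if __name__ == "__main__":
    for bucket, names in review_script(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

A name landing in `file_present` or `not_in_log` is the case to stop on before running the script, since the log does not support removing it.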

#35
Midwestgirl

    Member

  • Topic Starter
  • 25 posts
I appreciate ALL of your help, but I just wanted to know what it is that I am doing with all of your requests...it just helps me to understand it better.

As per your first request, I rebooted after the OTL fix and the OTL log is as follows:

OTL logfile created on: 4/12/2011 9:51:31 AM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\House Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 466.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 114.02 Gb Free Space | 48.97% Space Free | Partition Type: NTFS

Computer Name: MIDWESTHOME | User Name: House Guest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 15:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 15:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
MOD - [2010/09/20 12:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AfaService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 21:00:21 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110411.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/30 21:00:21 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110411.038\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 11:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110411.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/02/25 14:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/01/12 14:36:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/12 14:36:01 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/12 14:20:46 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/17 13:05:10 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/05/27 10:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/03/31 14:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/19 16:07:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/01/12 18:58:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/01/12 14:26:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/02 17:49:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/02 17:49:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/11 22:38:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\House Guest\Start Menu\Programs\Startup\_uninst_Kasperskyantivirus.exe.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/16 15:04:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 22:18:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/02 22:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2011/04/02 22:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/04/02 22:16:00 | 000,172,032 | ---- | C] (SteelWerX) -- C:\Documents and Settings\House Guest\Desktop\flushflash.exe
[2011/04/02 22:08:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/02 22:07:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\TFC.exe
[2011/03/30 11:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\Application Data\Malwarebytes
[2011/03/30 11:05:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/30 11:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/30 11:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/30 11:05:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/30 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/30 11:03:04 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\House Guest\Desktop\mbam-setup.exe
[2011/03/29 19:01:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/29 18:58:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/29 18:58:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/29 18:58:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/29 18:58:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/29 18:51:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 12:32:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/29 12:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\desktop
[2011/03/29 12:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/25 15:17:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
[2011/03/25 12:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\Desktop\Gears 2
[2011/03/25 12:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\Desktop\Student Exercise Files
[2011/03/25 10:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\My Documents\New Folder (2)
[2011/03/17 16:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/17 16:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/03/14 16:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/14 16:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/14 21:08:31 | 041,487,388 | ---- | C] (Zyda-Capital Ltd.) -- C:\Program Files\ebayreplaygbook.exe
[2010/11/12 19:04:53 | 009,991,650 | ---- | C] (Zyd-Capital) -- C:\Program Files\EBay Replay Book Preview.exe
[2010/11/09 13:45:41 | 014,056,000 | ---- | C] (SmartSoft Ltd) -- C:\Program Files\SFTPMSI.exe

========== Files - Modified Within 30 Days ==========

[2011/04/12 09:47:57 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
[2011/04/12 09:47:56 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1003.job
[2011/04/12 09:47:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/04/12 09:46:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/11 22:38:36 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/11 22:27:15 | 000,000,968 | ---- | M] () -- C:\Documents and Settings\House Guest\Start Menu\Programs\Startup\_uninst_Kasperskyantivirus.exe.lnk
[2011/04/11 22:18:08 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
[2011/04/11 21:57:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/04/11 18:54:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 17:47:51 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2011/04/07 17:23:16 | 000,504,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/07 17:23:16 | 000,086,914 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/06 09:25:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1003.job
[2011/04/02 23:35:14 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\npd6.d
[2011/04/02 22:16:01 | 000,172,032 | ---- | M] (SteelWerX) -- C:\Documents and Settings\House Guest\Desktop\flushflash.exe
[2011/04/02 22:07:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\TFC.exe
[2011/03/30 11:03:04 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\House Guest\Desktop\mbam-setup.exe
[2011/03/29 19:01:26 | 000,000,345 | RHS- | M] () -- C:\boot.ini
[2011/03/29 18:57:46 | 004,307,709 | R--- | M] () -- C:\Documents and Settings\House Guest\Desktop\ComboFix.exe
[2011/03/29 12:34:24 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\House Guest\Desktop\gmer.exe
[2011/03/25 15:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
[2011/03/22 09:33:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/17 16:26:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/16 03:00:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/14 16:14:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/04/11 22:27:14 | 000,000,968 | ---- | C] () -- C:\Documents and Settings\House Guest\Start Menu\Programs\Startup\_uninst_Kasperskyantivirus.exe.lnk
[2011/04/11 18:28:10 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
[2011/04/06 15:56:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2011/04/02 22:18:09 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\npd6.d
[2011/03/29 19:01:26 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2011/03/29 19:01:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/29 18:58:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/29 18:58:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/29 18:58:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/29 18:58:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/29 18:58:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/29 18:57:28 | 004,307,709 | R--- | C] () -- C:\Documents and Settings\House Guest\Desktop\ComboFix.exe
[2011/03/22 09:33:54 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/20 17:07:56 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\House Guest\Desktop\gmer.exe
[2011/03/17 15:45:03 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/03/17 15:45:02 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/03/14 16:14:10 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/04 23:09:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/20 21:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/08 01:19:37 | 000,152,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 09:44:01 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/29 09:43:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/16 23:13:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/11 20:42:11 | 014,838,814 | ---- | C] () -- C:\Program Files\smplayer-0.6.9-win32.exe
[2010/11/02 19:33:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/11/02 19:33:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/11/02 19:33:35 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/02 19:33:35 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/11/02 19:28:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/27 17:19:58 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/06/11 22:09:23 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/29 17:35:11 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\House Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 14:38:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/16 17:01:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/12/16 15:06:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/16 15:01:44 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/16 05:47:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/16 05:45:58 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 11:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 11:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,504,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,086,914 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CB6E0BD

< End of report >

#36
Midwestgirl

Okay, the uTorrent is from my son for his gaming. I will uninstall that. I don't even know what it is. As far as DivX, I love it as my player and dislike RealPlayer. I will finish reading and proceed as noted. Thank you!

MG

#37
Midwestgirl

The make and model is a Dell Dimension 5100. Intel Pentium 4 CPU 2.80GHz, 2.79GHz, 1.00 GB of RAM

#38
Midwestgirl

Here is the ComboFix log. I tried to reply twice and both times IE automatically refreshed the webpage to Compatibility Mode and said there was a problem displaying geekstogo properly???

Also, what is the reason for removing Norton 360 and replacing it with Avast? I just renewed Norton this year. Thanks.

ComboFix 11-04-11.04 - House Guest 04/12/2011 10:21:14.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.434 [GMT -7:00]
Running from: c:\documents and settings\House Guest\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\House Guest\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFASERVICE
-------\Legacy_APPMGMT
-------\Legacy_ROXLIVESHARE10
-------\Legacy_SESSIONLAUNCHER
-------\Service_AfaService
-------\Service_AppMgmt
-------\Service_RoxLiveShare10
-------\Service_rpcapd
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-12 17:14 . 2010-11-17 12:03 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-04-12 17:13 . 2011-04-12 17:13 -------- d-----w- C:\ATI
2011-04-12 05:18 . 2011-04-12 05:18 -------- d-----w- C:\_OTL
2011-04-06 22:56 . 2002-12-29 08:14 81920 ----a-w- c:\windows\system32\Startup.cpl
2011-04-03 05:17 . 2011-02-16 01:39 233472 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-04-03 05:17 . 2011-02-16 01:39 229376 ----a-w- c:\windows\system32\PuranDC.exe
2011-04-03 05:17 . 2011-02-16 01:39 108544 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-04-03 05:17 . 2009-12-31 21:02 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-04-03 05:17 . 2011-04-03 05:18 -------- d-----w- c:\program files\Puran Defrag
2011-04-03 05:17 . 2011-02-16 01:39 1114112 ----a-w- c:\windows\system32\PuranFD.exe
2011-03-30 18:05 . 2011-03-30 18:05 -------- d-----w- c:\documents and settings\House Guest\Application Data\Malwarebytes
2011-03-30 18:05 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 18:05 . 2011-03-30 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-30 18:05 . 2011-03-30 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 18:05 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 19:31 . 2011-03-29 19:31 -------- d-----w- c:\program files\ERUNT
2011-03-23 19:16 . 2011-03-23 19:16 -------- d-----w- c:\documents and settings\Dominic
2011-03-17 23:26 . 2011-03-17 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-17 23:20 . 2011-03-17 23:20 -------- d-----w- c:\program files\uTorrent
2011-03-17 22:36 . 2011-03-17 22:37 -------- d-----w- c:\documents and settings\Administrator
2011-03-14 23:12 . 2011-03-14 23:12 -------- d-----w- c:\program files\iPod
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 23:26 . 2010-08-01 19:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 00:36 . 2009-12-27 20:12 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-19 00:36 . 2009-12-27 20:12 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53 . 2004-08-04 10:00 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-12-16 22:00 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-16 22:00 677888 ------w- c:\windows\system32\mstsc.exe
2011-01-27 06:34 . 2010-05-21 02:45 6406656 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-01-27 06:05 . 2010-02-03 04:02 17252352 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-27 06:01 . 2010-02-03 04:12 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-27 06:00 . 2010-02-03 04:12 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-27 05:59 . 2010-02-03 04:10 4636672 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-27 05:52 . 2010-11-03 02:33 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-27 05:51 . 2008-04-14 00:11 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-01-27 05:42 . 2008-04-14 00:11 4029824 ----a-w- c:\windows\system32\ati3duag.dll
2011-01-27 05:41 . 2010-11-03 02:33 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-27 05:35 . 2011-01-27 05:35 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-01-27 05:32 . 2010-02-03 03:23 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-27 05:32 . 2010-02-03 03:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-27 05:31 . 2010-02-03 03:23 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-01-27 05:31 . 2010-02-03 03:23 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-27 05:31 . 2010-02-03 03:22 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-01-27 05:30 . 2010-02-03 03:21 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-01-27 05:28 . 2010-02-03 03:19 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-01-27 05:27 . 2010-02-03 03:19 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-27 05:27 . 2008-04-14 00:11 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
2011-01-27 05:23 . 2010-02-03 03:15 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-01-27 05:21 . 2010-02-03 03:12 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-27 05:21 . 2010-02-03 03:32 483328 ----a-w- c:\windows\system32\atiok3x2.dll
2011-01-27 05:21 . 2010-02-03 03:12 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-01-27 05:15 . 2008-04-14 00:11 847872 ----a-w- c:\windows\system32\ati2cqag.dll
2011-01-27 05:13 . 2010-02-03 03:18 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-27 05:13 . 2010-02-03 03:18 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-27 05:12 . 2010-02-03 03:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-21 14:44 . 2004-08-04 10:00 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-12 21:20 . 2009-12-25 00:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-12 21:20 . 2009-12-25 00:31 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-12 03:42 . 2010-12-12 03:42 14838814 ----a-w- c:\program files\smplayer-0.6.9-win32.exe
2010-11-15 04:09 . 2010-11-15 04:08 41487388 ----a-w- c:\program files\ebayreplaygbook.exe
2010-11-13 02:04 . 2010-11-13 02:04 9991650 ----a-w- c:\program files\EBay Replay Book Preview.exe
2010-11-09 20:45 . 2010-11-09 20:45 14056000 ----a-w- c:\program files\SFTPMSI.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
c:\documents and settings\House Guest\Start Menu\Programs\Startup\
_uninst_Kasperskyantivirus.exe.lnk - c:\documents and settings\House Guest\Local Settings\temp\_uninst_Kasperskyantivirus.exe.bat [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\House Guest\\Desktop\\TF2\\BitTorrent-7.0.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Riot Games\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"56829:TCP"= 56829:TCP:Pando Media Booster
"56829:UDP"= 56829:UDP:Pando Media Booster
"6919:TCP"= 6919:TCP:League of Legends Launcher
"6919:UDP"= 6919:UDP:League of Legends Launcher
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [1/12/2011 6:58 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [1/12/2011 6:58 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [3/10/2011 3:30 PM 800376]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [1/12/2011 6:58 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [1/12/2011 6:58 PM 116784]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [12/17/2010 1:05 PM 6656]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [1/12/2011 6:58 PM 126392]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/12/2011 10:14 AM 101904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/4/2011 5:23 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110411.001\IDSXpx86.sys [4/11/2011 5:54 PM 341944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [10/7/2010 5:29 PM 51072]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [4/2/2011 10:17 PM 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-18 17:06]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
2011-04-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-04-12 10:37:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-12 17:37
ComboFix2.txt 2011-03-30 02:21
.
Pre-Run: 122,290,708,480 bytes free
Post-Run: 122,315,247,616 bytes free
.
- - End Of File - - 3FFAD3050884A4348CAFB2D168B8B5AB

#39
Midwestgirl

Here is the log after the removal of DivX, Real Player, Windows Search 4.0, and uTorrent. I kept Norton and am waiting for your reply.

TY!

OTL logfile created on: 4/12/2011 11:46:38 AM - Run 9
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\House Guest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 371.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 116.22 Gb Free Space | 49.92% Space Free | Partition Type: NTFS

Computer Name: MIDWESTHOME | User Name: House Guest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 15:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 15:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
MOD - [2010/10/28 02:07:38 | 000,504,120 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\sfShellTools.dll
MOD - [2010/10/28 01:29:12 | 000,004,096 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\en-US\sfShellTools.dll.mui
MOD - [2010/09/20 12:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/04/21 20:02:19 | 000,066,408 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\efacli.dll
MOD - [2010/03/18 14:37:15 | 002,389,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\bushell.dll
MOD - [2010/02/25 17:32:56 | 000,646,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccl90u.dll
MOD - [2010/02/25 17:22:26 | 000,284,536 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccgevt.dll
MOD - [2010/02/25 17:22:21 | 000,152,952 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccipc.dll
MOD - [2010/02/25 17:21:53 | 000,085,880 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccvrtrst.dll
MOD - [2010/02/25 17:21:47 | 000,268,152 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccset.dll
MOD - [2009/08/13 06:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 21:00:21 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110411.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/30 21:00:21 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110411.038\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 11:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110411.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/02/25 14:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/01/12 14:36:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/12 14:36:01 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/12 14:20:46 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/17 13:05:10 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/11/17 05:03:56 | 000,101,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/05/27 10:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/03/31 14:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/01/12 18:58:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/01/12 14:26:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/02 17:49:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/02 17:49:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/12 10:33:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\House Guest\Start Menu\Programs\Startup\_uninst_Kasperskyantivirus.exe.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1229272821-1677128483-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/16 15:04:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

========== Files/Folders - Created Within 30 Days ==========

[2011/04/12 11:17:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/12 10:13:22 | 000,000,000 | ---D | C] -- C:\ATI
[2011/04/11 22:18:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/02 22:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2011/04/02 22:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/04/02 22:16:00 | 000,172,032 | ---- | C] (SteelWerX) -- C:\Documents and Settings\House Guest\Desktop\flushflash.exe
[2011/04/02 22:07:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\TFC.exe
[2011/03/30 11:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\Application Data\Malwarebytes
[2011/03/30 11:05:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/30 11:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/30 11:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/30 11:05:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/30 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/30 11:03:04 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\House Guest\Desktop\mbam-setup.exe
[2011/03/29 19:01:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/29 18:58:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/29 18:58:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/29 18:58:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/29 18:58:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/29 18:51:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 12:32:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/29 12:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\desktop
[2011/03/29 12:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/25 15:17:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
[2011/03/25 12:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\Desktop\Gears 2
[2011/03/25 12:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\Desktop\Student Exercise Files
[2011/03/25 10:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\House Guest\My Documents\New Folder (2)
[2011/03/17 16:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/14 16:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/14 16:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/14 21:08:31 | 041,487,388 | ---- | C] (Zyda-Capital Ltd.) -- C:\Program Files\ebayreplaygbook.exe
[2010/11/12 19:04:53 | 009,991,650 | ---- | C] (Zyd-Capital) -- C:\Program Files\EBay Replay Book Preview.exe
[2010/11/09 13:45:41 | 014,056,000 | ---- | C] (SmartSoft Ltd) -- C:\Program Files\SFTPMSI.exe

========== Files - Modified Within 30 Days ==========

[2011/04/12 11:13:23 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
[2011/04/12 11:13:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1003.job
[2011/04/12 11:13:22 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/04/12 11:07:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 11:00:51 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
[2011/04/12 10:57:34 | 000,483,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 10:57:34 | 000,079,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 10:56:35 | 000,000,200 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/04/12 10:33:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/12 10:17:22 | 004,319,653 | R--- | M] () -- C:\Documents and Settings\House Guest\Desktop\ComboFix.exe
[2011/04/11 22:27:15 | 000,000,968 | ---- | M] () -- C:\Documents and Settings\House Guest\Start Menu\Programs\Startup\_uninst_Kasperskyantivirus.exe.lnk
[2011/04/11 21:57:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/04/11 18:54:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 17:47:51 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2011/04/06 09:25:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1003.job
[2011/04/02 23:35:14 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\npd6.d
[2011/04/02 22:16:01 | 000,172,032 | ---- | M] (SteelWerX) -- C:\Documents and Settings\House Guest\Desktop\flushflash.exe
[2011/04/02 22:07:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\TFC.exe
[2011/03/30 11:03:04 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\House Guest\Desktop\mbam-setup.exe
[2011/03/29 19:01:26 | 000,000,345 | RHS- | M] () -- C:\boot.ini
[2011/03/29 12:34:24 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\House Guest\Desktop\gmer.exe
[2011/03/25 15:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\House Guest\Desktop\OTL.exe
[2011/03/24 03:01:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/22 09:33:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/14 16:14:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/04/12 10:56:35 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/04/12 10:16:54 | 004,319,653 | R--- | C] () -- C:\Documents and Settings\House Guest\Desktop\ComboFix.exe
[2011/04/11 22:27:14 | 000,000,968 | ---- | C] () -- C:\Documents and Settings\House Guest\Start Menu\Programs\Startup\_uninst_Kasperskyantivirus.exe.lnk
[2011/04/11 18:28:10 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1004.job
[2011/04/06 15:56:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2011/04/02 22:18:09 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\npd6.d
[2011/03/29 19:01:26 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2011/03/29 19:01:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/29 18:58:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/29 18:58:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/29 18:58:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/29 18:58:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/29 18:58:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/22 09:33:54 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/20 17:07:56 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\House Guest\Desktop\gmer.exe
[2011/03/17 15:45:03 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/03/17 15:45:02 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1677128483-839522115-1006.job
[2011/03/14 16:14:10 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/04 23:09:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/20 21:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/08 01:19:37 | 000,152,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 09:44:01 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/29 09:43:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/16 23:13:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/11 20:42:11 | 014,838,814 | ---- | C] () -- C:\Program Files\smplayer-0.6.9-win32.exe
[2010/11/02 19:33:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/11/02 19:33:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/11/02 19:33:35 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/02 19:33:35 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/11/02 19:28:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/27 17:19:58 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/06/11 22:09:23 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/29 17:35:11 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\House Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 14:38:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/16 17:01:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/12/16 15:06:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/16 15:01:44 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/16 05:47:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/16 05:45:58 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 11:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 11:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,483,464 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,079,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/20 21:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/12/16 17:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/01/26 00:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/15 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/01/13 20:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/10/07 18:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/18 19:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/05/16 18:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/07 10:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/27 13:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/31 21:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\.minecraft
[2010/10/06 17:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\AnvSoft
[2010/10/10 10:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\Any Flv Converter
[2010/12/15 22:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\BitTorrent
[2010/03/30 22:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\BitZipper
[2010/06/27 16:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\Blackberry Desktop
[2011/03/02 18:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\DDMSettings
[2011/01/07 20:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\EPSON
[2010/11/03 22:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\FixCleaner
[2011/01/16 16:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\GameTuts
[2010/10/10 10:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\HandBrake
[2010/11/12 19:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\HTML Executable
[2010/12/02 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\LolClient
[2010/11/17 14:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\main.542EE8ACF7F339584A023BE012CB4512BACF448C.1
[2010/06/27 17:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\Research In Motion
[2010/12/21 23:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\Windows Search
[2010/11/06 16:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\House Guest\Application Data\WinMount

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CB6E0BD

< End of report >

#40
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

I appreciate ALL of your help, but I just wanted to know what it is that I am doing with all of your requests...it just helps me to understand it better.


I kept Norton and waiting for your reply.


From experience, Norton is one of the worst causes of slowness in a machine. It's only temporary and you can reinstall it again after we are finished.

Next, we will perform a clean boot.
    • Press Start > Run, then type msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest (except your antivirus application).
    • See this link for detailed information: http://support.micro....b;EN-US;310353
    • Now restart and test whether the machine is working properly and speedily. If it is still slow, do not proceed and let me know.
    • If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.
    • If the problem didn't occur, check the other half, so all the Services are enabled.
    • Get the idea? You want to isolate the problem to a specific startup if possible.

After we get this machine up to speed, we're going to find that hung installer that event viewer is reporting.

Tell me if you have any questions.
#41
Midwestgirl

    Member

  • Topic Starter
  • 25 posts
Okay. I was told that Norton is one of the Best Anti-virus programs for Windows. I will do as you recommend tonight when I get back home from work.

Thank you again.

#42
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.