Another Windows Security Pro


#1 patrick79 (Member, 10 posts)
I have come down with the Windows Security Pro 2011 that I have read about on the forums. I can't surf the web from my regular IE browser and I am inundated with popups wanting me to install Windows Security Pro. The only way that I am able to get on the Internet is by clicking on a link in an email that launches Firefox. Why this works I do not know, but if it didn't I wouldn't be able to even get on this site to post.

I have run OTL and it spit out 2 Notepad papers.

One other thing that I thought I should mention is that we run Spy Agent software on this computer to keep track of users' web browsing. I turned it off to run the OTL scan, but I am not sure whether you are able to distinguish between this software and malicious software. If it needs to be totally uninstalled I can do that, although I would prefer not to.

Here are the OTL logs


OTL logfile created on: 5/22/2011 6:25:33 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Graham Sorgard\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.73% Memory free
3.81 Gb Paging File | 3.25 Gb Available in Paging File | 85.24% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 94.12 Gb Total Space | 37.46 Gb Free Space | 39.80% Space Free | Partition Type: NTFS

Computer Name: GRAHAM-2E03B74A | User Name: Graham Sorgard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 18:17:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Graham Sorgard\My Documents\Downloads\OTL.exe
PRC - [2011/05/22 17:48:12 | 000,331,776 | -HS- | M] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe
PRC - [2011/05/07 05:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/11/17 12:40:26 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2010/08/19 02:12:35 | 001,367,552 | ---- | M] () -- C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe
PRC - [2010/06/26 11:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010/03/08 01:56:53 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/08 01:56:51 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/15 00:40:46 | 000,427,296 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2009/11/15 00:40:46 | 000,136,504 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2009/11/15 00:40:46 | 000,099,640 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2009/10/30 11:22:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/08 16:30:12 | 000,091,648 | ---- | M] () -- C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
PRC - [2008/04/15 16:31:18 | 000,147,456 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\IRW.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 14:50:52 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/04/03 19:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/22 18:17:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Graham Sorgard\My Documents\Downloads\OTL.exe
MOD - [2011/05/22 17:57:33 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/04/16 15:10:58 | 000,048,640 | -H-- | M] () -- C:\WINDOWS\system32\sinvfct.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2011/05/17 19:01:07 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2010/03/08 01:56:51 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/15 00:40:46 | 000,136,504 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009/11/15 00:40:46 | 000,099,640 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/11/26 14:50:52 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2009/11/15 00:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/10/16 08:36:53 | 000,029,696 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtp.sys -- (applemtp)
DRV - [2009/10/16 08:36:53 | 000,010,496 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtm.sys -- (applemtm)
DRV - [2009/10/16 08:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009/07/03 08:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/09/19 12:25:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/09/19 12:25:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/09/19 12:25:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/09/19 12:25:00 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/04/15 16:35:01 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/15 16:33:14 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/15 16:31:18 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/04/15 16:30:24 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/04/15 16:29:47 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\applebt.sys -- (applebt)
DRV - [2008/04/15 15:36:37 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/02 16:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 4\components [2011/02/22 21:58:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugins

[2010/09/02 21:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham Sorgard\Application Data\Mozilla\Extensions
File not found (No name found) --
[2009/10/30 11:22:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/22 21:58:28 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 4\EXTENSIONS\[email protected]
[2010/11/17 04:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2010/08/19 07:54:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IRW] C:\WINDOWS\system32\IRW.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [System32] C:\Program Files\Spytech Software\Spytech SpyAgent\sysdiag.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Graham Sorgard\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O4 - Startup: C:\Documents and Settings\Graham Sorgard\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimed...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1_18)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/11 03:56:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Graham Sorgard\My Documents\*.tmp files -> C:\Documents and Settings\Graham Sorgard\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 18:25:06 | 000,001,429 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\emopts.dat
[2011/05/22 18:25:06 | 000,001,308 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\saopts.dat
[2011/05/22 18:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/22 18:02:28 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/22 18:02:28 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/22 18:02:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 18:00:34 | 000,013,012 | -HS- | M] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r
[2011/05/22 18:00:34 | 000,013,012 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r
[2011/05/22 17:58:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/22 17:57:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5b873180ef1e.job
[2011/05/22 17:57:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 17:57:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 17:57:11 | 2126,958,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 17:48:12 | 000,331,776 | -HS- | M] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe
[2011/05/21 06:58:51 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Graham Sorgard\Desktop\E20,21-27-3RX.shx
[2011/05/21 06:58:41 | 000,405,904 | ---- | M] () -- C:\Documents and Settings\Graham Sorgard\Desktop\E20,21-27-3RX.shp
[2011/05/21 06:58:07 | 000,014,191 | ---- | M] () -- C:\Documents and Settings\Graham Sorgard\Desktop\E20,21-27-3RX.dbf
[2011/05/16 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/15 05:54:19 | 000,069,423 | ---- | M] () -- C:\Documents and Settings\Graham Sorgard\Desktop\Rx.zip
[2011/05/14 00:52:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/13 12:02:32 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/04 16:37:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/25 06:40:56 | 000,129,913 | ---- | M] () -- C:\Documents and Settings\Graham Sorgard\Desktop\Lease Contract - Sorgaard Ranches Ltd. & Charles Sorgaard.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Graham Sorgard\My Documents\*.tmp files -> C:\Documents and Settings\Graham Sorgard\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 17:48:13 | 000,013,012 | -HS- | C] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r
[2011/05/22 17:48:13 | 000,013,012 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r
[2011/05/22 17:48:12 | 000,331,776 | -HS- | C] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe
[2011/05/21 06:58:51 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Graham Sorgard\Desktop\E20,21-27-3RX.shx
[2011/05/21 06:58:37 | 000,405,904 | ---- | C] () -- C:\Documents and Settings\Graham Sorgard\Desktop\E20,21-27-3RX.shp
[2011/05/21 06:58:07 | 000,014,191 | ---- | C] () -- C:\Documents and Settings\Graham Sorgard\Desktop\E20,21-27-3RX.dbf
[2011/05/15 05:54:19 | 000,069,423 | ---- | C] () -- C:\Documents and Settings\Graham Sorgard\Desktop\Rx.zip
[2010/11/16 13:21:09 | 000,000,009 | ---- | C] () -- C:\WINDOWS\sakf.dat
[2010/09/02 22:05:56 | 000,001,429 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\emopts.dat
[2010/09/02 21:55:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/02 10:00:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/06 01:33:04 | 000,047,616 | ---- | C] () -- C:\WINDOWS\sassr.dat
[2010/07/29 17:37:12 | 000,104,960 | ---- | C] () -- C:\WINDOWS\sysk32.dll
[2010/07/10 13:36:02 | 000,065,943 | ---- | C] () -- C:\WINDOWS\clfct.dll
[2010/07/01 14:02:22 | 000,030,928 | ---- | C] () -- C:\WINDOWS\sview.exe
[2010/06/11 11:16:17 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/16 15:10:58 | 000,048,640 | -H-- | C] () -- C:\WINDOWS\System32\sinvfct.dll
[2010/02/26 22:22:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\Base64.dll
[2010/02/26 22:22:37 | 000,000,440 | ---- | C] () -- C:\WINDOWS\sadefs.dat
[2010/02/26 22:22:32 | 000,001,308 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\saopts.dat
[2010/02/26 21:29:06 | 000,026,931 | ---- | C] () -- C:\WINDOWS\jimglib.dll
[2009/11/15 00:40:46 | 000,136,504 | ---- | C] () -- C:\WINDOWS\System32\AppleOSSMgr.exe
[2009/10/31 15:16:41 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 07:49:35 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/31 19:22:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/31 01:48:11 | 000,022,379 | ---- | C] () -- C:\WINDOWS\WinSig.ini
[2009/08/31 01:48:11 | 000,002,927 | ---- | C] () -- C:\WINDOWS\WinRos.ini
[2009/06/02 07:37:12 | 000,157,768 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2009/06/02 07:37:11 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2009/05/15 09:06:31 | 000,036,972 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2009/01/11 04:12:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/01/11 04:10:22 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/01/11 04:10:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/01/11 04:10:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/01/11 04:10:22 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/01/11 04:10:20 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/11 04:10:20 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/11 04:10:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/11 04:10:17 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/01/11 04:10:16 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/11 03:58:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/11 03:53:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/11 03:44:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/11 03:43:20 | 000,141,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/27 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 06:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 06:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/05 15:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AgentSS
[2009/08/28 12:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/08/31 01:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSignal
[2010/11/30 18:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\performance
[2011/05/22 18:25:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\sacache
[2010/01/18 17:38:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/09/05 00:50:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2010/01/18 09:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham Sorgard\Application Data\Amazon
[2009/08/31 01:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham Sorgard\Application Data\counters
[2009/08/31 01:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham Sorgard\Application Data\eSignal
[2009/06/20 23:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham Sorgard\Application Data\Internet Chess Club
[2010/09/18 04:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham Sorgard\Application Data\Moyea
[2011/05/22 18:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham Sorgard\Application Data\PriceGong
[2010/08/05 11:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham Sorgard\Application Data\TS3Client
[2011/05/14 00:52:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/22 17:58:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >



That is the first file. Here is the second.

OTL Extras logfile created on: 5/22/2011 6:25:33 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Graham Sorgard\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.73% Memory free
3.81 Gb Paging File | 3.25 Gb Available in Paging File | 85.24% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 94.12 Gb Total Space | 37.46 Gb Free Space | 39.80% Space Free | Partition Type: NTFS

Computer Name: GRAHAM-2E03B74A | User Name: Graham Sorgard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe ()
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\GS\REDIPlus\Primary\Redi.exe" = C:\Program Files\GS\REDIPlus\Primary\Redi.exe:*:Enabled:RediPlus Application -- ()
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{68249B78-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_18
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B31AFF9-30A4-4662-ABE6-D7AFF2BF0F49}" = REDIPlus
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Rogers Connection Manager
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro 2 version 2.5.1.1757
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC4F4E70-DEFD-4717-BEC7-BDB648718D46}" = eSignal
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"8BBE3DC2B1A38488ADAF1D96E1296F4F88B7F69C" = Windows Driver Package - CirrusLogic (HdAudAddService) MEDIA (09/15/2009 1.0.0.26)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Auction Client" = Auction Client
"AudibleManager" = AudibleManager
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BlitzIn 2.7" = BlitzIn 2.7
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"conduitEngine" = Conduit Engine
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
"Dasher" = Dasher
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eSignal" = eSignal 10.5
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.02" = Freecorder 4.02 Application
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0b9 (x86 en-US)" = Mozilla Firefox 4.0b9 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PdaNet_is1" = PdaNet for Android 2.45
"Shop for HP Supplies" = Shop for HP Supplies
"Spytech SpyAgent" = Spytech SpyAgent
"STANDARDR" = Microsoft Office Standard 2007
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2011 1:37:05 PM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application sysdiag.exe, version 0.0.0.0, faulting module
clfct.dll, version 0.0.0.0, fault address 0x000035da.

Error - 5/20/2011 2:14:32 AM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ole32.dll, version 5.1.2600.6010, fault address 0x0001d7ce.

Error - 5/21/2011 8:43:24 AM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.

Error - 5/21/2011 8:50:38 AM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6557.5001, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 5/21/2011 8:50:46 AM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6557.5001, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 5/21/2011 8:50:52 AM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6557.5001, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 5/21/2011 11:01:22 AM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ole32.dll, version 5.1.2600.6010, fault address 0x0001d7ce.

Error - 5/21/2011 7:22:24 PM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
wpcap.dll, version 3.1.0.27, fault address 0x000158f5.

Error - 5/22/2011 12:09:18 PM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application sysdiag.exe, version 0.0.0.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.

Error - 5/22/2011 12:41:52 PM | Computer Name = GRAHAM-2E03B74A | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.

[ OSession Events ]
Error - 4/21/2009 2:03:26 AM | Computer Name = GRAHAM-2E03B74A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55353
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 5/7/2009 11:41:54 PM | Computer Name = GRAHAM-2E03B74A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51268
seconds with 600 seconds of active time. This session ended with a crash.

Error - 7/13/2009 9:22:51 PM | Computer Name = GRAHAM-2E03B74A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43651
seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/9/2009 11:47:59 PM | Computer Name = GRAHAM-2E03B74A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51743
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/29/2009 6:08:58 PM | Computer Name = GRAHAM-2E03B74A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16339
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2/9/2010 7:32:16 PM | Computer Name = GRAHAM-2E03B74A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9969
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/10/2010 4:16:04 PM | Computer Name = GRAHAM-2E03B74A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 16689
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/20/2011 11:18:34 AM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/20/2011 11:19:55 AM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/20/2011 11:54:32 PM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/20/2011 11:55:53 PM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/21/2011 8:53:14 AM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/21/2011 8:54:35 AM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/21/2011 7:20:55 PM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/21/2011 7:22:16 PM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/22/2011 7:57:46 PM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/22/2011 7:59:08 PM | Computer Name = GRAHAM-2E03B74A | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >


Thank you
  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,729 posts
  • MVP
Uninstall:
Conduit Engine
Freecorder Toolbar
Java 2 Runtime Environment Standard Edition v1.3.1_18
Java™ 6 Update 16
Yahoo! Toolbar
Yahoo! Software Update

Copy the text in the code box by highlighting and Ctrl + c

:Services
gusvc

:OTL
PRC - [2011/05/22 17:48:12 | 000,331,776 | -HS- | M] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe
SRV - File not found [Auto | Stopped] -- -- (gusvc)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimed...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1_18)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe" -a "%1" %* ()
[2011/05/22 18:02:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 18:00:34 | 000,013,012 | -HS- | M] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r
[2011/05/22 18:00:34 | 000,013,012 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r
[2011/05/22 17:57:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5b873180ef1e.job
[2011/05/22 17:48:12 | 000,331,776 | -HS- | M] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe
[2011/05/22 17:48:13 | 000,013,012 | -HS- | C] () -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r
[2011/05/22 17:48:13 | 000,013,012 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7300xfuydabpb0c364ilhj2vy60n8see17r

:files
C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe
    
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.



Ron
  • 0
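The OTL fix above undoes four things the rogue changed on this machine: the per-user .exe handler pointing at kpl.exe, the suppressed Security Center alerts, the disabled System Restore and the disabled Windows Firewall. As an added example that is not OTL's code and not part of the reply, this Python script parses an OTL report in the text layout shown in this thread and flags those four indicators; SAMPLE is constructed from the log posted above.

```python
"""Triage an OTL report for the rogue-AV indicators seen in this thread.

Added example: not OTL's code and not part of the forum replies. It parses
the text layout OTL prints (section banners, [HKEY...] key lines,
"name" = value lines and ".ext [@ = class] -- handler" lines) and flags a
per-user .exe handler, suppressed Security Center alerts, and System Restore
or Windows Firewall switched off. SAMPLE is constructed from the posted log.
"""
import re

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = \w+\] -- (.*)$")
PROFILE_DIR_RE = re.compile(r"\\(Documents and Settings|Users)\\", re.IGNORECASE)

# Values that hide the "no antivirus / firewall / updates" balloon when set
# to 1. FirstRunDisabled is benign and deliberately not listed.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride",
}

SAMPLE = r"""
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe ()
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"""


def parse_otl(text: str) -> dict:
    """Return {section: {registry key: {name: value}}}; association lines are
    stored under their extension with the handler command as the value."""
    report: dict = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
            report.setdefault(section, {})
        elif (m := KEY_RE.match(line)) and section is not None:
            key = m.group(1)
            report[section].setdefault(key, {})
        elif section is not None and key is not None:
            if m := ASSOC_RE.match(line) or VALUE_RE.match(line):
                report[section][key][m.group(1)] = m.group(2).strip()
    return report


def triage(report: dict) -> list:
    """Return (category, detail) pairs for the indicators the fix above removes."""
    findings = []
    for key, vals in report.get("File Associations", {}).items():
        # HKCU normally defines no .exe class at all; a per-user one that
        # points into a profile directory is the rogue's "run me first" hook.
        if key.upper().startswith("HKEY_CURRENT_USER") and ".exe" in vals:
            handler = vals[".exe"]
            note = " (inside a user profile)" if PROFILE_DIR_RE.search(handler) else ""
            findings.append(("exe-hijack", f"per-user .exe handler: {handler}{note}"))
    for vals in report.get("Security Center Settings", {}).values():
        for name in sorted(n for n in vals if n in SECURITY_CENTER_FLAGS):
            if vals[name] == "1":
                findings.append(("security-center", f"{name} = 1 hides a Security Center warning"))
    for key, vals in report.get("System Restore Settings", {}).items():
        if vals.get("DisableSR") == "1":
            findings.append(("system-restore", f"System Restore disabled in {key}"))
    for key, vals in report.get("Firewall Settings", {}).items():
        if vals.get("EnableFirewall") == "0":
            profile = key.rsplit("\\", 1)[-1]
            findings.append(("firewall", f"Windows Firewall off for {profile}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(parse_otl(SAMPLE)):
        print(f"[{category}] {detail}")
```

Feed it a full OTL.txt and the same four checks run over every key in those sections; HKLM file associations such as the .cpl line are parsed but not flagged.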

#3 patrick79 (Member, Topic Starter)
Hello
I am going through the steps and am on the combofix step and my computer appears to have locked up. I haven't touched anything but the blue autoscan window has been up for approx 2 hours. I assume that I need to reboot but I thought I would be cautious and check here first. Thanks

#4 RKinner (Malware Expert, MVP)
It normally doesn't take that long. If the hard drive light is not flashing then it's time for a reboot. It may revert back to last known good. If it acts like the virus is back go ahead and run the OTL fix again.

Ron

#5 patrick79 (Member, Topic Starter)
Thanks for the response. I rebooted and the computer seems to be working much better. I am not getting the windows security pro messages and I can use the internet normally. Let me walk though what I have done to this point.

I uninstalled everything you said to uninstall.

I copied and pasted the text you supplied into OTL and hit "RUN FIX". I ran into a small snag here as I was having to access the internet from a link in my outlook email. This runs in Google Chrome and it did not give me the option of saving OTL but would only allow me to run it. When the computer rebooted I could not find OTL or the logfile on my computer anywhere.

At this point my computer began working as if it did not have the virus and I was able to access the internet normally.

I ran OTL again as requested using safelist in the Extra Registry group. I will attach both logfiles.

I then ran Malwarebytes Anti Malware. I will attach the log.

I then ran into the problem with ComboFix and am not sure that I am to proceed with the additional instruction you provided.

As I previously mentioned the computer seems to be working well with one exception: I have a few Microsoft Word files that seem to be corrupted. Maybe 10% of the Word files in My Documents I can't open, and the first two letters of the filename have been replaced with a ~$. I am not sure what that is.

Thank you

Attached Files



#6 RKinner (Malware Expert, MVP)
Please do not attach logs. Makes them too hard to work with. Just open them and copy and paste.

The Word docs that start with ~ are temporary copies created when you open a document. They are normally removed when you close Word but get left behind if Word crashes.

I'm afraid MBAM ate part of your spyagent. You will probably need to reinstall it.

See if Combofix left a file at C:\Combofix.txt. If so copy and paste it into a reply.

Go on with the rest of the scans. Let's add a new one since CF didn't fly.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

We are going on vacation this Sunday so my replies will be slow and will depend on if we have Internet at the hotel each night. However, I think you are over the worst of it.

Ron
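The log.txt that the ESET step above leaves in C:\Program Files\EsetOnlineScanner is a short banner, a block of "# key=value" header lines, and then one line per detection: the file path, the threat name, the action taken in parentheses, a 32-hex-digit field and a flag (the layout is modelled on the log pasted later in this thread). The script below is an added example for this thread, not ESET's code or part of the original post. It parses such a log, cross-checks the found= header against the number of detection lines, and sorts each hit into a triage bucket an analyst actually cares about: files that OTL or ComboFix already moved to quarantine (C:\_OTL\MovedFiles, C:\Qoobox\Quarantine), cache copies under the Java deployment cache or Temporary Internet Files that are safe to delete, and executables under Program Files, which need the vendor checked before removal because legitimately installed monitoring software such as the SpyAgent mentioned earlier in the thread is the kind of file scanners report as an agent. The bucket names, the directory lists and the sample log are constructed for the example.

```python
"""Triage an ESET Online Scanner log.txt.

Added example for this thread; not ESET's code.  Bucket names, the
quarantine/cache directory lists and the sample log are constructed.
"""
import re

# path  threat-name  (action)  32-hex-digit field  flag
DETECTION = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?a variant of \S+ \S+|\S+ \S+) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<hexfield>[0-9a-fA-F]{32}) "
    r"(?P<flags>\S+)$"
)

# Where the other tools used in this thread park what they removed (OTL, ComboFix).
QUARANTINE_DIRS = ("\\_otl\\movedfiles\\", "\\qoobox\\quarantine\\")
# Download caches: a hit here is a dropped copy, not the running infection.
CACHE_DIRS = ("\\java\\deployment\\cache\\", "\\temporary internet files\\")


def classify(path: str) -> str:
    """Bucket a detection by where the file lives (constructed bucket names)."""
    p = path.lower()
    if any(q in p for q in QUARANTINE_DIRS):
        return "already quarantined"
    if any(c in p for c in CACHE_DIRS):
        return "cache copy"
    if p.startswith("c:\\program files\\"):
        return "installed program"
    return "active file"


def parse_eset_log(text: str) -> dict:
    """Split the log into header fields, parsed detections and anything unrecognised."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = int(value) if value.isdigit() else value
            continue
        m = DETECTION.match(line)
        if m:
            hit = m.groupdict()
            hit["category"] = classify(hit["path"])
            detections.append(hit)
        else:
            unparsed.append(line)   # banner lines such as the CAB hook log
    return {"header": header, "detections": detections, "unparsed": unparsed}


def summarize(report: dict) -> dict:
    """Counts per bucket, header consistency, and the paths that still need a decision."""
    by_category = {}
    for hit in report["detections"]:
        by_category[hit["category"]] = by_category.get(hit["category"], 0) + 1
    found = report["header"].get("found")
    return {
        "by_category": by_category,
        "header_matches": found is None or found == len(report["detections"]),
        "needs_action": [hit["path"] for hit in report["detections"]
                         if hit["category"] in ("active file", "installed program")],
    }


# Constructed sample log in the layout of the one posted later in this thread.
ZERO_FIELD = "0" * 32
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner.ocx - registred OK",
    "# version=7",
    "# end=finished",
    "# scanned=302002",
    "# found=3",
    "# cleaned=0",
    r"C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\9\70e54709-25fb0ccb"
    " a variant of Win32/Kryptik.ODJ trojan (unable to clean) " + ZERO_FIELD + " I",
    r"C:\Program Files\Spytech Software\Spytech SpyAgent\services.exe"
    " probably a variant of Win32/Agent.LSEUNRB trojan (unable to clean) " + ZERO_FIELD + " I",
    r"C:\_OTL\MovedFiles\05272011_111832\C_Documents and Settings\User\Local Settings\Application Data\kpl.exe"
    " a variant of Win32/Kryptik.ODJ trojan (unable to clean) " + ZERO_FIELD + " I",
])


if __name__ == "__main__":
    report = parse_eset_log(SAMPLE_LOG)
    for hit in report["detections"]:
        print(f'{hit["category"]:20} {hit["threat"]:50} {hit["path"]}')
    print(summarize(report))
```

On the sample, the only path left in `needs_action` is the SpyAgent service under Program Files; the quarantined kpl.exe and the Java cache entry need no further cleanup beyond emptying the quarantine and cache once the machine is confirmed clean.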

#7 RKinner (Malware Expert, MVP)
I don't see an anti-virus. Install the free Avast!
http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Since you appear to be a business, you probably shouldn't run the free version of Avast, so now that it has done the boot scan, download MSSE:

http://www.microsoft...ls/default.aspx

This is Microsoft's free anti-virus so you can legally use it.

It's a pretty decent anti-virus but shouldn't be installed on an infected system.

Ron

#8 patrick79 (Member, Topic Starter)
Okay here is the logfile from the MBR scan

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-27 23:12:15
-----------------------------
23:12:15.890 OS Version: Windows 5.1.2600 Service Pack 3
23:12:15.890 Number of processors: 2 586 0x1706
23:12:15.890 ComputerName: GRAHAM-2E03B74A UserName: Graham Sorgard
23:12:17.015 Initialize success
23:12:22.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
23:12:22.968 Disk 0 Vendor: Hitachi_HTS722020K9SA00 DC4AC77A Size: 190782MB BusType: 3
23:12:24.999 Disk 0 MBR read successfully
23:12:24.999 Disk 0 MBR scan
23:12:24.999 Disk 0 Windows XP default MBR code
23:12:26.999 Disk 0 scanning sectors +390721928
23:12:27.202 Disk 0 scanning C:\WINDOWS\system32\drivers
23:12:32.093 Service scanning
23:12:33.265 Disk 0 trace - called modules:
23:12:33.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:12:33.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d6ab8]
23:12:33.296 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a843f18]
23:12:33.296 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8a760940]
23:12:33.296 Scan finished successfully
23:13:42.108 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Graham Sorgard\Desktop\MBR.dat"
23:13:42.108 The log file has been saved successfully to "C:\Documents and Settings\Graham Sorgard\Desktop\aswMBR.txt"

Here is the esetscan.txt logfile

C:\Documents and Settings\Graham Sorgard\Application Data\Sun\Java\Deployment\cache\6.0\9\70e54709-25fb0ccb a variant of Win32/Kryptik.ODJ trojan
C:\Program Files\Spytech Software\Spytech SpyAgent\services.exe probably a variant of Win32/Agent.LSEUNRB trojan
C:\_OTL\MovedFiles\05272011_111832\C_Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe a variant of Win32/Kryptik.ODJ trojan



Here is the logfile located in the Program Files folder from Eset


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=63ea7fa974de254296261ed9b6d8a776
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-28 06:42:12
# local_time=2011-05-28 12:42:12 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=302002
# found=3
# cleaned=0
# scan_time=3907
C:\Documents and Settings\Graham Sorgard\Application Data\Sun\Java\Deployment\cache\6.0\9\70e54709-25fb0ccb a variant of Win32/Kryptik.ODJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Spytech Software\Spytech SpyAgent\services.exe probably a variant of Win32/Agent.LSEUNRB trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05272011_111832\C_Documents and Settings\Graham Sorgard\Local Settings\Application Data\kpl.exe a variant of Win32/Kryptik.ODJ trojan (unable to clean) 00000000000000000000000000000000 I

Here is the quickscan file from Bitdefender


QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Sat May 28 18:08:34 2011
Machine ID: E8C61EDF



No infection found.
-------------------



Processes
---------
hpwuSchd Application 740 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Ad-Aware Service Application 1912 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
Ad-Aware Tray Application 2808 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
AutoDect 824 C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
Boot Camp 732 C:\Program Files\Boot Camp\KbdMgr.exe
Boot Camp 420 C:\WINDOWS\system32\AppleOSSMgr.exe
Boot Camp 436 C:\WINDOWS\system32\AppleTimeSrv.exe
Boot Camp 708 C:\WINDOWS\system32\IRW.exe
Canon My Printer 772 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
GPCore COM object 624 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
hp digital imaging - hp all-in-one seri 516 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
hp digital imaging - hp all-in-one seri 1268 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
McAfee Security Scanner 1900 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Microsoft Office Outlook 2384 C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
Microsoft® Windows® Operating System 2012 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 3880 C:\WINDOWS\system32\wbem\unsecapp.exe
NVIDIA Driver Helper Service, Version 1 1924 C:\WINDOWS\system32\nvsvc32.exe
PdaNetPC.exe 444 C:\Program Files\PdaNet for Android\PdaNetPC.exe
PMB 536 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
Realtek HD Audio Sound Effect Manager 912 C:\WINDOWS\RTHDCPL.exe
Window Washer 2656 C:\Program Files\Webroot\Washer\WasherSvc.exe
Yahoo! Messenger 3280 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
(verified) Google Update 1496 C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier 944 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System 308 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1052 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1480 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1200 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 680 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 1188 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 952 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 268 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1416 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1456 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1592 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1652 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1744 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1120 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2484 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 128 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 4072 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 1144 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 1720 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2284 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 764 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3348 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (764) connected on port 80 (HTTP) --> 69.63.181.11
Process iexplore.exe (764) connected on port 80 (HTTP) --> 72.14.213.138
Process iexplore.exe (764) connected on port 80 (HTTP) --> 96.17.15.131
Process iexplore.exe (764) connected on port 80 (HTTP) --> 96.17.15.131
Process iexplore.exe (764) connected on port 80 (HTTP) --> 66.235.142.58
Process iexplore.exe (764) connected on port 80 (HTTP) --> 66.220.149.11
Process iexplore.exe (764) connected on port 80 (HTTP) --> 69.63.189.26
Process iexplore.exe (764) connected on port 80 (HTTP) --> 72.14.213.138
Process iexplore.exe (764) connected on port 80 (HTTP) --> 96.17.15.130
Process iexplore.exe (764) connected on port 80 (HTTP) --> 96.17.15.131

Process svchost.exe (1416) listens on ports: 135 (RPC)
Process svchost.exe (1456) listens on ports: 139 (NetBIOS)


Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
AutoDect C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
Boot Camp C:\Program Files\Boot Camp\KbdMgr.exe
Boot Camp C:\WINDOWS\system32\IRW.exe
Canon My Printer C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
CNSLMAIN.EXE C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HpqSRmon Application C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
Microsoft Genuine Advantage C:\WINDOWS\system32\KB905474\wgasetup.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
nwiz.exe C:\WINDOWS\system32\nwiz.exe
PdaNetPC.exe C:\Program Files\PdaNet for Android\PdaNetPC.exe
PMB C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.exe
Yahoo! Messenger C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) QuickTime C:\Program Files\QuickTime\qttask.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
Google Updater C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
PhotoCenter Active X control C:\WINDOWS\Downloaded Program Files\Photochannel.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll


Missing files
-------------
File not found: c:\program files\java\jre6\bin\jp2ssv.dll
--> HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"

File not found: c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
--> HKLM\Software\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32\"(default)"


Scan
----
MD5: e97140424c378acbd47df493a6ab7235 C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MD5: 7b43567b4c32ad7aded537cd3b1342b9 C:\Program Files\Apple Software Update\SoftwareUpdate.exe
MD5: 3bcc65b08589b17938b2ebc26d907afa C:\Program Files\Boot Camp\Boot Camp.Resources\en.lproj\Resources.dll
MD5: 060ff0a643f033e2cfd00c8b7915145c C:\Program Files\Boot Camp\KbdMgr.exe
MD5: 39c497df1f9b87df673195456e4a2cfd C:\Program Files\Canon\MyPrinter\BJMyRes.dll
MD5: fedb6110d3e0a7efe6996f93cd8c48e7 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
MD5: 99e7e4e081509feee835c7fff8f8ff12 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MD5: 0ee9e4d28cc1c671061cad0334c9b59f C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
MD5: 814161c6f897c330a461397f870e786b C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: bad6bea0de1f69c82bdb74378ce0c20a C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 8832f4b4cb3c7c966bae3132553423da c:\program files\common files\akamai\netsession_win_8832f4b.dll
MD5: 5c88054458e044f1deb77855f6137a25 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
MD5: 68d19db34ba83c00b557e22647be360d C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
MD5: f67a9f35ab9414f06fae3cc0361ce82e C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_2F821985C9445066.dll
MD5: dd1d6ab37ccd88b5bf5cddf9fdb8ac7a C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll
MD5: 21fcfc6fff22de67d60b475f74538163 C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
MD5: 872e0242259f0cdda05354dd1a5f3b89 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\gtn.dll
MD5: a953e104137df406b70477d60bc29008 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
MD5: c886a692396cc049cc977ac726229126 C:\Program Files\Google\Update\1.3.21.53\goopdate.dll
MD5: 866ce04905aa02fc0de5b306b25032c3 C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
MD5: cd7fcd2c3cc2e5ac6099b7a4a11fe6b6 C:\Program Files\Google\Update\1.3.21.53\psmachine.dll
MD5: ebd98cf6e4d04d300e57f9ec15d3bead C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
MD5: 4967aa8bd06d51af10e629287c7a264d C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
MD5: 7e04b1ade140f483a6581461568d8d9c C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
MD5: f54fff428bc887f08eb83674fbb321da C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
MD5: f50f7984fdd151edd8a70a8dbd9e2a44 c:\program files\hp\digital imaging\bin\hpqcxs08.dll
MD5: c83c0791fc7fa3cbe9be2825b8a47eaf c:\program files\hp\digital imaging\bin\hpqddcmn.dll
MD5: df446ba625cc441617843e87798ce048 c:\program files\hp\digital imaging\bin\hpqddsvc.dll
MD5: 2cc556f7106f0568787a0e28da3a4df7 C:\Program Files\HP\Digital Imaging\bin\hpqgpb01.dll
MD5: 8fc85c14b6316745670816f98693a100 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
MD5: 759a94a551d8dcc47343e302b50fd8e6 C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
MD5: e88c8f90588e9f738a04fbf386fd987d C:\Program Files\HP\Digital Imaging\bin\HpqSplh08.dll
MD5: 941a08cbdeedf16b6c986b6ba7c9a5d0 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MD5: 332889d2c21a5b728fbbd45d6c89661a C:\Program Files\HP\Digital Imaging\bin\hpqssm08.dll
MD5: b70278d1459a677639d51892160fd365 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
MD5: efb8937a7bf6dcedd0a10a79d2e756e2 C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
MD5: 258977efc45fd728e929a8eb95554050 C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll
MD5: b3c25be824aff69567496ba8640218aa C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc
MD5: ac974eef7f6599964bcc4033d8d60d82 C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll
MD5: d9335549eae48b14fb66efcb6ffae736 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
MD5: 6104f2921f31e1422c72b97f05bd9c5f C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll
MD5: 4a8a49921534b030b27f16fc68fba1dc c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
MD5: 71d5d112fe02384a6faca6399dbda914 C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
MD5: 062f3db9afa9c3ce0da52f28595c0c6d C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
MD5: 4b4a063542f603906d4a0cc5365475bd C:\Program Files\Internet Explorer\ieproxy.dll
MD5: ac05c6e4465bfbe6ef41fd6dd46e5b59 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 2b08bde2472d6e422e48d0609d37e050 C:\Program Files\internet explorer\xpshims.dll
MD5: b30f37242dd1c640dd5c770ff5b378ae C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
MD5: d64d0a8aa8ae4401a01293371adcf9d7 C:\Program Files\Lavasoft\Ad-Aware\ceapi.dll
MD5: 97d4242a113be9577455144953b55d44 C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll
MD5: a3922cd380f968b898da4bb414c38900 C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: c309bce420e8ee900c3003584b528a30 c:\Program Files\Microsoft Office\Office12\EXSEC32.DLL
MD5: 3d480468001c3df200f908d3669d5b71 c:\Program Files\Microsoft Office\Office12\MSPST32.DLL
MD5: 2a84790f99149964aa2f26377f4475b8 c:\Program Files\Microsoft Office\Office12\OLMAPI32.DLL
MD5: ae755fd25fb2853c60c3556321d59fd4 C:\Program Files\Microsoft Office\Office12\OMSMAIN.DLL
MD5: a0f16cef17666ada3728544ccb7e72c3 C:\Program Files\Microsoft Office\Office12\OUTLACCT.DLL
MD5: 87ba0576429722df5b92fd43f55fad77 C:\Program Files\Microsoft Office\Office12\OUTLFLTR.DLL
MD5: 3ac3466566f71745b2a711509ea84e4b C:\Program Files\Microsoft Office\Office12\OUTLMIME.DLL
MD5: a726ca553b011ebb41fcc4ff5e38b68a C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
MD5: c92d20a6e35e232004d83dc10a78878a C:\Program Files\Microsoft Office\Office12\USP10.DLL
MD5: e0bf563c97d8a716977cca7cd71d6830 C:\Program Files\Microsoft Office\Office12\WWLIB.DLL
MD5: 8e151a2a185daf9852322028abe55534 c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
MD5: 3cf38e211a477c10cef120fa38f0b998 C:\Program Files\PdaNet for Android\PdaNetPC.exe
MD5: 590c4454a1d36f76da1f636fad139771 c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
MD5: 6459b0bca8aa27eece3fbb391508c951 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
MD5: 877bc22d603597b1bc9479186436b472 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcherLOC.DLL
MD5: 4853273eec5fdff26d61eff3a415a9bd C:\Program Files\Webroot\Washer\WasherSvc.exe
MD5: 3f6095530d69f67314248c32798ea21e C:\Program Files\Yahoo!\Messenger\resources\en-US\res_msgr.dll
MD5: a3981755fbf4ca6ed591e716855ed58f C:\Program Files\Yahoo!\Messenger\yui.dll
MD5: a726ca553b011ebb41fcc4ff5e38b68a C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 1af873d82d3d6e4ea80026c82ab8e5c6 C:\WINDOWS\Downloaded Program Files\Photochannel.dll
MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f8e9d5fbb2339fb71b770e89b577b360 C:\WINDOWS\RTHDCPL.exe
MD5: e1c456f933d27813b46ca4bb2071b947 C:\WINDOWS\system32\AppleOSSMgr.exe
MD5: 9c55d327a8a2a8234d43193adde2b5f0 C:\WINDOWS\system32\AppleTimeSrv.exe
MD5: 80aa4214c5bc0a355151bd115017313f C:\WINDOWS\system32\bthprops.cpl
MD5: f4c43c66471b87996d95db7a3a664a37 c:\windows\system32\bthserv.dll
MD5: d82a57c060543d79d0097e001df6c397 C:\WINDOWS\system32\CNMLM92.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: b1762156256b0238c21baa4c06cef727 C:\WINDOWS\system32\DEVMGR.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\System32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 7618d5218f2a614672ec61a80d854a37 C:\WINDOWS\System32\drivers\afd.sys
MD5: 6bb0152196f33e1f6f490edf48ab1ba9 C:\WINDOWS\system32\DRIVERS\applebt.sys
MD5: 1c8c86fbc8769be3024bb531a6788a69 C:\WINDOWS\system32\DRIVERS\applemtm.sys
MD5: 3fd269f1d21efba4a9ef1ab25e71a25f C:\WINDOWS\system32\DRIVERS\applemtp.sys
MD5: e9ea635b8432d68f0005b3f6cebab837 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
MD5: b279426e3c0c344893ed78a613a73bde C:\WINDOWS\system32\DRIVERS\BthEnum.sys
MD5: fca6f069597b62d42495191ace3fc6c1 C:\WINDOWS\system32\DRIVERS\bthmodem.sys
MD5: 80602b8746d3738f5886ce3d67ef06b6 C:\WINDOWS\system32\DRIVERS\bthpan.sys
MD5: 662bfd909447dd9cc15b1a1c366583b4 C:\WINDOWS\System32\Drivers\BTHport.sys
MD5: 61364cd71ef63b0f038b7e9df00f1efa C:\WINDOWS\System32\Drivers\BTHUSB.sys
MD5: d03d10f7ded688fecf50f8fbf1ea9b8a C:\WINDOWS\system32\DRIVERS\HPZid412.sys
MD5: 89f41658929393487b6b7d13c8528ce3 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
MD5: 7baef646e550106b039849b72244a35a C:\WINDOWS\system32\DRIVERS\IRFilter.sys
MD5: 41ffd6cf9745c54fa2310cfec88ee5ed C:\WINDOWS\system32\drivers\KeyAgent.sys
MD5: f0135c184560c73aacd53ad07a9aa434 C:\WINDOWS\system32\DRIVERS\KeyMagic.sys
MD5: 419590ebe7855215bb157ea0cf0d0531 C:\WINDOWS\system32\DRIVERS\Lbd.sys
MD5: 67817e31acb988465aafe7d51888002b C:\WINDOWS\system32\drivers\MacHALDriver.sys
MD5: 59f57b06d1e3c7a3f22d62c7c5b4c3c3 C:\WINDOWS\system32\drivers\massfilter.sys
MD5: 0ea4d8ed179b75f8afa7998ba22285ca C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: d21fee8db254ba762656878168ac1db6 C:\WINDOWS\system32\drivers\npf.sys
MD5: c0329ea3cef1113f3d9ce5547040006e C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
MD5: 088335b06f75adbcbb81575c7cae6c43 C:\WINDOWS\system32\DRIVERS\pneteth.sys
MD5: 851c30df2807fcfa21e4c681a7d6440e C:\WINDOWS\system32\DRIVERS\rfcomm.sys
MD5: 613a2b00da1d4a80de1ec8cfb52c0d89 C:\WINDOWS\system32\drivers\RtkHDAud.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: fd600b032e741eb6aab509fc630f7c42 C:\WINDOWS\system32\DRIVERS\WinUSB.sys
MD5: f20fc720f74a2533d70cea1f4458f3c8 C:\WINDOWS\system32\DRIVERS\yk51x86.sys
MD5: 4692a3e087cf018808f376a3cc2128fa C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
MD5: 4692a3e087cf018808f376a3cc2128fa C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
MD5: 4692a3e087cf018808f376a3cc2128fa C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 0bc012900f03605e4b1dc0f152a41624 C:\WINDOWS\system32\hpz3l5mu.dll
MD5: 51c6d8bfbd4ea5b62a1ba7f4469250d3 C:\WINDOWS\system32\HPZinw12.dll
MD5: 79834aa2fbf9fe81eebb229024f6f7fc c:\windows\system32\hpzipm12.dll
MD5: af880166dac5880219f748ed83902cb2 C:\WINDOWS\system32\hpzipr12.dll
MD5: 22a978e7fe5e3b35b42c7bc7c14e2875 C:\WINDOWS\system32\ieframe.dll
MD5: a082a9b4fa6802f83d60b67ccee908e2 C:\WINDOWS\system32\iepeers.dll
MD5: 590a6247d56a8420898e6c4de0983f5c C:\WINDOWS\system32\iertutil.dll
MD5: f98bcad949ccd137dfe970d66dd0272b C:\WINDOWS\system32\IRW.exe
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: 1d7ba0cfbdb204b0a3be40bfa79ce6f1 C:\WINDOWS\system32\KB905474\wgasetup.exe
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 9c54f2cc2301599d698399d7e49c7321 C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx
MD5: c2ef2335f1b6c2be20a67d9098f6c9a1 C:\WINDOWS\system32\mshtml.dll
MD5: 8c22083ed515dc94d575438662f0be6a C:\WINDOWS\system32\msi.dll
MD5: 85ac5f11d4759d13674b3e92eac3f140 C:\WINDOWS\system32\msident.dll
MD5: 7ed041c7f82a381417aa3f43ab55f95a C:\WINDOWS\system32\msidntld.dll
MD5: 482069cda24aa0e94b1351e30eb3d01f C:\WINDOWS\system32\MsPMSNSv.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: f9dafd34ed8f79e4ddbfa445160f823f C:\WINDOWS\system32\nvapi.dll
MD5: 51d840d2a58e2a053c93b31e7e11ec47 C:\WINDOWS\system32\NvCpl.dll
MD5: 6c098179b7b6a2139d27a292e7ae4f2b C:\WINDOWS\system32\NvMcTray.dll
MD5: 39b9748775ea81c8672beec52cd53574 C:\WINDOWS\system32\nvsvc32.exe
MD5: e7a5226407a724632fb9c2cd07c04657 C:\WINDOWS\system32\nwiz.exe
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 465a44b0bea469efaec998964964ca97 C:\WINDOWS\system32\PortableDeviceApi.dll
MD5: 8564b995e22f5354e6ea52a2bf1137fe C:\WINDOWS\system32\PortableDeviceTypes.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 0ab4cf81b9034209f8556cc92c829fa9 C:\WINDOWS\system32\sinvfct.dll
MD5: d9e4fe541e2d99a2ea5a0551d124044f C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD92.DLL
MD5: 1fd0e4dcf4f9084df6138bc5fde6610f C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5mu.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: c59c6bcfcd5f6ccf8c6d1bcdc4079e22 C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
MD5: 5fa52d59734cef1e2f3943d67ce37125 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll
MD5: e837fdbb92e9873e538395b623f45462 C:\WINDOWS\system32\wbem\cimwin32.dll
MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS\system32\wbem\framedyn.dll
MD5: c7000f2db2a5515c64c257478769a481 C:\WINDOWS\system32\wbem\unsecapp.exe
MD5: f192d49eefe297fa858b2c774ba2291d C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 99425f30d4d46b78dc7f613d5dcdb4b8 C:\WINDOWS\system32\WPDShServiceObj.dll
MD5: 46c55935fa730144449c884a472827e0 C:\WINDOWS\system32\wshbth.dll
MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll
MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\XmlLite.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 16f3bb89525ee0a857923e63206409d9 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.DLL
MD5: 8d25a3bf9d0005d264f105414ae2cde6 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCP80.dll
MD5: 0ef2917efd6d96e4c9cf121738cf5409 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
MD5: 8610c33279089d92cc8022d3d97f82d5 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL
MD5: e983dc6a5c218016252af33b6ca6bfcb C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80U.DLL
MD5: e0b432f20fa54fa689949ac6dbc4c4ab C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\MSVCP90.dll
MD5: 355fe68a41ec27c2a3d1a6e86a582820 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.01 MB sent, 0.79 KB recvd
Scanned 643 files and modules - 23 seconds

==============================================================================


Combofix did not leave a logfile.

This computer was briefly used in a small business I no longer run, and we now use it as our home computer, so I will go ahead and install Avast.

Thank you
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,729 posts
  • MVP
aswMBR says your MBR is clean which is nice to know.

ESET found an infection in:
C:\Documents and Settings\Graham Sorgard\Application Data\Sun\Java\Deployment\cache\6.0\9\

which explains how you got infected. This is where Java saves files. There was an older, outdated version of Java on the PC, which was used to get on the PC. Since I assume you have already uninstalled the older Javas, I would delete the whole folder:

C:\Documents and Settings\Graham Sorgard\Application Data\Sun\Java

then install the latest Java:

Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.


It looks like ESET also does not like your SpyAgent.

The other thing ESET found is just a file that OTL has removed and stored as a backup.

I don't see any reason why Combofix didn't run. Sometimes it has problems if the drive has bad sectors:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log or Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   • System
4. Under 'Select type to list', select:
   • Error
   • Warning
5. Then use the 'Number of events' as follows: click the radio button for 'Number of events', type 20 in the 1 to 20 box, then click the Run button.
6. Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

We can use some other scans to see if they find anything:

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


We need to check for rootkits with RootRepeal:

  • Extract RootRepeal.exe from the archive.
    Right click on rootrepeal.zip and Extract All. Then move to the folder it created and find rootrepeal.exe and run it.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.




Try running Combofix again after you run the Avast Boot-scan.

Ron
  • 0
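Added example, not part of Ron's reply and not code from VEW, sigverif or any other tool he names: PowerShell equivalents of two of the checks above, for anyone who would rather script them than click through the dialogs. It assumes PowerShell 2.0 or later is installed on the XP machine (an optional update for XP SP3); the VEW-PS.txt file name on the Desktop and the 2011-05-01 "problem started" date are assumptions to be replaced with your own.

```powershell
# Added example (not from the thread or its tools). Assumes PowerShell 2.0+ on XP SP3.

# VEW equivalent: the newest Error and Warning entries from the System and
# Application logs, the same query VEW runs with 'Number of events' set to 20.
function Get-RecentProblemEvents {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Newest = 20
    )
    foreach ($log in $LogName) {
        Get-EventLog -LogName $log -EntryType Error, Warning -Newest $Newest |
            Select-Object @{ Name = 'Log'; Expression = { $log } },
                          TimeGenerated, EntryType, Source, EventID,
                          @{ Name = 'Message'; Expression = { $_.Message -replace '\s+', ' ' } }
    }
}

# First pass at the "newish dates" check Ron asks for: drivers written to disk on or
# after the day the problem started. sigverif stays authoritative for signatures,
# because Get-AuthenticodeSignature only sees embedded signatures and most XP-era
# Microsoft drivers are signed through catalog files instead.
function Get-RecentlyChangedDrivers {
    param(
        [Parameter(Mandatory = $true)][datetime]$Since,
        [string]$DriverPath = (Join-Path $env:SystemRoot 'System32\drivers')
    )
    Get-ChildItem -Path $DriverPath -Filter *.sys |
        Where-Object { $_.LastWriteTime -ge $Since } |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, LastWriteTime, Length
}

# Write both reports to one file on the Desktop so it can be pasted into a reply.
# 'VEW-PS.txt' and the 2011-05-01 date are placeholders; use your own.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'VEW-PS.txt'
Get-RecentProblemEvents | Format-List | Out-File -FilePath $out
Get-RecentlyChangedDrivers -Since '2011-05-01' | Format-Table -AutoSize | Out-File -FilePath $out -Append
```

Get-EventLog reads the classic XP event logs, so it works on this system where the newer Get-WinEvent would not; the driver listing is only a date filter and does not replace the sigverif run.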

#10
patrick79

patrick79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,
I just wanted to ask to keep this thread open. I have gotten crazy busy at work but will post a response in the next day or two. Thank you
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,729 posts
  • MVP
I will be on a cruise ship for the next 4 days so won't be able to reply until I get off anyway. The thread should stay active but if it doesn't just send me a PM.

Ron
  • 0
