Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hard Drive is being Filled with Unknown data

Started by bruceRMC , Sep 05 2011 11:19 PM

  • This topic is locked This topic is locked

#1
bruceRMC
Posted 05 September 2011 - 11:19 PM

bruceRMC

    Member

  • Member
  • PipPip
  • 15 posts
I have a Dell Dimension 2002 model. 144 gb Capacity. We've always had lots of hard drive space free, but lately...seems like overnight it's filled. I keep deleting things that I think I can live without but it doesn't help. When I first noticed the problem, there was only 6% space free, it wouldn't even let me Defrag. I deleted lots and lots of stuff, removed programs and got it to 11% space free, but now, within a day it's back to only 6% free.

I put the computer in safe mode, ran Norton live update, full system scan and Malwarebytes Anti-Malware full system scan. The Norton scan found a few things and "fixed" them, Malwarebytes scan found nothing. Nearly everytime I get off the Internet I run a Virus Scan, and I keep up with emptying recycle bin, deleting history, cookies stuff like that.

I'm active on FB, Football Message board, and use YouTube quite a bit looking for old stuff. I almost think the problem started when I DL'ed "IMesh" which is a song downloading site. I have tried to remove it over and over, but I continually find IMESH stuff all over the Cdrive. After IMesh, the problem started as far as I can tell, not certain about that tho.

Hope you can help me, thank you very much in advance. Bruce.

OTL logfile created on: 9/5/2011 11:37:58 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Bruce\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 272.26 Mb Available Physical Memory | 26.85% Memory free
2.38 Gb Paging File | 1.61 Gb Available in Paging File | 67.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 5.91 Gb Free Space | 4.09% Space Free | Partition Type: NTFS

Computer Name: DDHXB291 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 23:31:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\My Documents\Downloads\OTL.exe
PRC - [2011/09/01 19:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 15:28:45 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:54 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 19:04:50 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/11 15:26:30 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/11 03:28:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/11 03:24:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/11 03:24:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/11 03:23:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/11 03:18:53 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/11 03:16:38 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/30 03:13:49 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:22 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/05/11 19:57:12 | 001,327,104 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddhps.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdddatr.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/02/27 06:17:12 | 000,140,800 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdddrui.dll
MOD - [2007/02/27 06:16:26 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/27 06:16:00 | 000,164,352 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdddr.dll
MOD - [2007/01/23 20:40:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxddcaps.dll
MOD - [2007/01/09 18:13:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxdddrs.dll
MOD - [2007/01/09 18:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/12/22 06:41:00 | 000,765,952 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddptpc.dll
MOD - [2006/10/06 18:08:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxddcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/08/11 09:17:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Start_Pending] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/25 10:41:54 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/23 00:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110903.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/03 22:20:56 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110905.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 22:20:56 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110905.017\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 20:27:54 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 20:27:54 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 19:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/14 20:10:33 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/06/18 10:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/10 20:27:45 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2002/05/02 12:23:30 | 000,024,520 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-US:official"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "http://search.babylo...rc=toolbar2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\Bruce\Application Data\Facebook\npfbplugin_1_0_0.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/06/10 00:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/08/16 17:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_1_3 [2011/09/05 20:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/11 15:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 19:04:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/03 18:03:53 | 000,000,000 | ---D | M]

[2011/08/12 22:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2009/08/18 18:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions\[email protected]
[2011/08/30 19:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions
[2010/09/09 15:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 22:38:01 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2010/12/16 21:17:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/15 04:50:38 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/08 15:32:08 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\[email protected]
[2011/08/05 22:58:45 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2010/10/31 07:44:36 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\searchplugins\askcom.xml
[2011/09/03 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/27 20:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BRUCE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3DQL0KDC.DEFAULT\EXTENSIONS\{21E48E29-F574-4619-B65D-0F00EEA92E5B}.XPI
[2011/09/01 19:04:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/24 13:18:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/12 22:36:39 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2009/03/22 10:21:37 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1218034859312 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse...opcaploader.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C9AABA5-2369-4CD6-9691-18D48528B79F}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\Shell - "" = AutoRun
O33 - MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f7b6e514-5bb9-11db-b65c-00038a000015}\Shell\AutoRun\command - "" = PCConnect.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 21:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/09/03 17:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\imeshbandmltbpi
[2011/09/03 17:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\AppData
[2011/09/03 17:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\WMTools Downloaded Files
[2011/08/13 11:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12EE
[2011/08/12 22:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\mediabarim
[2011/08/12 22:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/08/12 22:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\PackageAware
[2011/08/11 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/08/11 15:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2008/11/30 12:27:41 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2008/11/30 12:27:41 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2008/11/30 12:27:41 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2008/11/30 12:27:40 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2008/11/30 12:27:40 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2008/11/30 12:27:39 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2008/11/30 12:27:39 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2008/11/30 12:27:39 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2008/11/30 12:27:38 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2008/11/30 12:27:37 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2008/11/30 12:27:37 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2008/11/30 12:27:35 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2008/11/30 12:27:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2008/11/30 12:27:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2008/11/30 12:27:33 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 23:42:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{09D97BF4-D92A-4240-AE96-1F630206FA16}.job
[2011/09/05 23:32:33 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to OTL.lnk
[2011/09/05 23:05:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/05 22:12:39 | 000,037,922 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[2011/09/05 22:11:37 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Office Word 2007.lnk
[2011/09/05 21:05:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/05 20:49:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/05 20:49:24 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1005.job
[2011/09/05 20:45:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/05 20:45:23 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 20:35:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1007.job
[2011/09/05 20:35:38 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1006.job
[2011/09/05 19:08:51 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE52CF1C-62DE-4E67-B073-1732014F6DDB}.job
[2011/09/05 04:00:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DDHXB291-Bruce).job
[2011/09/04 20:44:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1007.job
[2011/09/04 20:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1006.job
[2011/09/03 21:05:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/03 20:23:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1005.job
[2011/09/03 18:13:13 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 17:37:09 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/08/24 18:53:38 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/24 18:53:38 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\4468BF3C5D.sys
[2011/08/24 18:53:33 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\WordPerfect.lnk
[2011/08/24 00:08:17 | 002,615,936 | ---- | M] () -- C:\Documents and Settings\Bruce\My Documents\CCR - Run Through the jungle.mp3
[2011/08/24 00:00:01 | 000,011,241 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\Folder.jpg
[2011/08/24 00:00:01 | 000,011,241 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Large.jpg
[2011/08/24 00:00:01 | 000,002,737 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArtSmall.jpg
[2011/08/24 00:00:01 | 000,002,737 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Small.jpg
[2011/08/17 13:10:08 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/08/11 15:30:03 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/08/11 15:28:50 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/08/11 03:17:18 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 03:17:18 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/11 03:12:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 23:32:33 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to OTL.lnk
[2011/09/05 20:34:07 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/24 00:00:01 | 000,011,241 | -HS- | C] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Large.jpg
[2011/08/24 00:00:01 | 000,002,737 | -HS- | C] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Small.jpg
[2011/08/22 20:48:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/17 13:10:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/11 15:30:03 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/17 18:49:39 | 000,084,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/16 19:41:37 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/16 19:36:17 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/11/02 20:39:56 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2009/08/27 12:42:55 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/03/21 15:22:10 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2008/12/19 10:50:56 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSmtvd.dat
[2008/12/14 17:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[2008/11/30 12:30:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2008/11/30 12:30:04 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2008/11/30 12:29:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2008/11/30 12:29:18 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2008/11/30 12:29:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2008/11/30 12:28:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2008/11/30 12:27:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2008/11/30 12:27:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/05/04 23:42:32 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/03/19 16:29:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/22 01:56:39 | 032,279,040 | ---- | C] () -- C:\Program Files\dell_support_center.msi
[2007/11/15 12:22:05 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2007/11/07 21:46:17 | 000,001,090 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/04 10:25:52 | 000,003,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/02 00:26:13 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 18:57:48 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/10/20 16:57:35 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\PFP120JPR.{PB
[2006/10/20 16:57:35 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\PFP120JCM.{PB
[2006/10/14 16:12:26 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/14 16:12:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\4468BF3C5D.sys
[2006/10/10 21:21:03 | 000,000,726 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/10 16:39:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/10 15:11:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/09 15:31:16 | 000,000,745 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/10/07 15:10:55 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2005/12/22 16:13:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/22 16:07:48 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/22 16:04:09 | 000,000,309 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/22 16:01:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/22 15:38:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/12/22 15:37:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/22 15:37:16 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/02/08 16:43:09 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== LOP Check ==========

[2011/08/13 11:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\12EE
[2008/12/28 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/08/13 10:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009/11/11 10:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/01/07 23:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2007/05/05 21:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/09/27 22:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/11/12 17:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/12/07 01:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/07/21 10:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/30 01:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/05 20:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/12/07 08:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 11:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/14 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Facebook
[2011/09/03 17:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\imeshbandmltbpi
[2009/01/01 02:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\IObit
[2006/10/09 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Leadertech
[2011/01/13 22:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Lexmark Productivity Studio
[2011/09/03 20:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\mediabarim
[2008/09/02 17:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Snapfish
[2010/02/13 00:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Tific
[2011/09/05 23:42:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{09D97BF4-D92A-4240-AE96-1F630206FA16}.job
[2011/09/05 19:08:51 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE52CF1C-62DE-4E67-B073-1732014F6DDB}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81C88EA7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E60C72DB
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028

< End of report >

OTL Extras logfile created on: 9/5/2011 11:37:58 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Bruce\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 272.26 Mb Available Physical Memory | 26.85% Memory free
2.38 Gb Paging File | 1.61 Gb Available in Paging File | 67.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 5.91 Gb Free Space | 4.09% Space Free | Partition Type: NTFS

Computer Name: DDHXB291 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- (Adobe Systems Incorporated)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: -- ()
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5DC09527-BE89-4FD0-AF67-73FBA5EEB8BC}" = SA30xx Media Converter
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{660EA583-164F-42F8-8A08-D1DE81BD764B}" = ebgcRes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{65482307-FE7D-4E7F-9DEF-3F0E841BC77A}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D968C4E0-022A-461D-A69E-19A4E7A55000}" = ebgcRes
"{DC567978-4DE8-47B9-B09D-06D2120AF0ED}" = AntietamCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Audacity_is1" = Audacity 1.2.3
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720" = Dell Photo Printer 720
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iMesh 1 MediaBar" = MediaBar
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lexmark 2500 Series" = Lexmark 2500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2011 1:49:33 PM | Computer Name = DDHXB291 | Source = MsiInstaller | ID = 11921
Description = Product: Ad-Aware -- Error 1921. Service 'Lavasoft Ad-Aware Service'
(aawservice) could not be stopped. Verify that you have sufficient privileges
to stop system services.

Error - 8/17/2011 5:10:17 PM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/17/2011 5:10:22 PM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/17/2011 5:12:15 PM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/17/2011 5:15:23 PM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/2/2011 12:46:14 AM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/2/2011 12:46:19 AM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/2/2011 12:48:15 AM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/5/2011 9:33:11 PM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/5/2011 9:33:17 PM | Computer Name = DDHXB291 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ OSession Events ]
Error - 11/19/2007 6:21:07 PM | Computer Name = DDHXB291 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 206
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/5/2011 9:32:47 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 9/5/2011 9:32:47 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7001
Description = The Fax service depends on the Print Spooler service which failed
to start because of the following error: %%1068

Error - 9/5/2011 9:32:47 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 9/5/2011 9:32:47 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI
Tcpip

Error - 9/5/2011 9:33:20 PM | Computer Name = DDHXB291 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/5/2011 9:37:46 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 9/5/2011 9:48:55 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 9/5/2011 9:55:30 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 9/5/2011 9:55:36 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/5/2011 9:55:40 PM | Computer Name = DDHXB291 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V7 service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0

Advertisements

#2
maliprog
Posted 05 September 2011 - 11:42 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello bruceRMC and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - File not found
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{f7b6e514-5bb9-11db-b65c-00038a000015}\Shell\AutoRun\command - "" = PCConnect.exe
    [2011/09/03 17:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\imeshbandmltbpi
    [2011/08/13 11:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12EE
    [2011/08/12 22:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\mediabarim

    :Files
    C:\WINDOWS\system32\sbe.dll
    C:\WINDOWS\system32\quartz.dll
    C:\WINDOWS\system32\msdmo.dll
    C:\WINDOWS\system32\devenum.dll

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#3
bruceRMC
Posted 08 September 2011 - 08:04 PM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
maliprog...
I'm going to post the results of step one. I've been having trouble with step two, the Rootkit/Malware scan. The first time I let it go overnight, when I woke up the computer was froze in shut down mode because Windows had tried to dl something on my computer (automatically) and needed to reboot. I wasn't connected to the Internet, so there's no way Microsoft could've dl'ed something, but anyway I tried to run the scan a second time. It scanned my area, my wife's and son's, then went into over five hours of "back up" files. It scanned more than 7 hours...I don't know exactly when it stopped, or if it got done scanning even. I had babysit the computer for that seven hours, and then set the alarm to get up in two hours to save it. When I woke up, the computer seemed to be froze up again with a message that an error had occurred. I couldn't save anything because no results were showing, just the original screen for the GMER Rootkit. Sorry to have to go into this long spiel, I'm trying to explain what happened because maybe you know what to do.

In the meantime, today my wife decided to remove everything she had on the computer, 15 gigs worth onto a flash drive. She thinks a "wipe" is necessary and wants me to put my data on a flash drv. so we can do a system restore to original settings, but I told her I want to try this scan once more. If you have any suggestions, please let me know or if you think the system restore is a good idea. In the meantime I'm going to try and run the GMER scan a third time and hopefully post those results tomorrow or late tomorrow. I'm afraid something is going wrong at the end of the GMER though, because twice it has freaked out and not let me save.

Here is the scan from step one...

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb81d70e-97ab-11dd-b7be-00123fb6f847}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7b6e514-5bb9-11db-b65c-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7b6e514-5bb9-11db-b65c-00038a000015}\ not found.
File PCConnect.exe not found.
C:\Documents and Settings\Bruce\Application Data\imeshbandmltbpi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\12EE folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\mediabarim\weather folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\mediabarim\coupons folder moved successfully.
C:\Documents and Settings\Bruce\Application Data\mediabarim folder moved successfully.
========== FILES ==========
C:\WINDOWS\system32\sbe.dll moved successfully.
C:\WINDOWS\system32\quartz.dll moved successfully.
C:\WINDOWS\system32\msdmo.dll moved successfully.
C:\WINDOWS\system32\devenum.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 81 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Bruce
->Temp folder emptied: 691090 bytes
->Temporary Internet Files folder emptied: 15950972 bytes
->Java cache emptied: 98260380 bytes
->FireFox cache emptied: 119848335 bytes
->Google Chrome cache emptied: 87827591 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 1929900 bytes

User: caleb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 59966597 bytes
->FireFox cache emptied: 18615791 bytes
->Flash cache emptied: 57281 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 3432352 bytes
->Flash cache emptied: 56543 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 2163423 bytes
->FireFox cache emptied: 10849883 bytes
->Flash cache emptied: 1934 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 193746 bytes

User: NetworkService
->Temp folder emptied: 2278882 bytes
->Temporary Internet Files folder emptied: 2401776 bytes

User: tami
->Temp folder emptied: 11750479 bytes
->Temporary Internet Files folder emptied: 84440 bytes
->Java cache emptied: 111644939 bytes
->FireFox cache emptied: 49320060 bytes
->Google Chrome cache emptied: 246392190 bytes
->Apple Safari cache emptied: 2253824 bytes
->Flash cache emptied: 103758 bytes

%systemdrive% .tmp files removed: 49065 bytes
%systemroot% .tmp files removed: 255455 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7669295 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 224204200 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,028.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Bruce
->Flash cache emptied: 0 bytes

User: caleb
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: tami
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09062011_220354

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_860.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#4
maliprog
Posted 08 September 2011 - 11:45 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi bruceRMC,

Don't run GMER for now. On some infected system GMER dosn't work. Shut it down and try this instead:

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
bruceRMC
Posted 09 September 2011 - 04:23 PM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the log from ComboFix...computer is running good. It's really been running pretty good throughout this thing, except for High CPU usage alerts all the time.
I wanted to say...it never gave me a choice of where to Download Combofix. It just took off. Unless there was a RUN or SAVE button and I hit the wrong one. I'm not very computer literate at all, so it's possible that I did the wrong thing.


ComboFix 11-09-09.04 - Bruce 09/09/2011 16:35:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.189 [GMT -5:00]
Running from: c:\documents and settings\Bruce\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\All Users\SPL1A31.tmp
c:\documents and settings\All Users\SPL1CAF.tmp
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\ConfigWizards.exe.7492e342.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini.inuse
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\mmc.exe.959a7e97.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\SLCA.tmp.8cdd358b.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini
c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse
c:\documents and settings\Bruce\WINDOWS
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\tami\WINDOWS
c:\windows\kb913800.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 22:00 . 2011-09-09 22:01 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\ApplicationHistory
2011-09-07 03:03 . 2011-09-07 03:03 -------- dc----w- C:\_OTL
2011-09-04 02:25 . 2011-09-04 02:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2011-09-03 22:53 . 2011-09-03 22:53 -------- d-----w- c:\documents and settings\Bruce\AppData
2011-09-03 22:45 . 2011-09-03 22:45 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\WMTools Downloaded Files
2011-09-03 10:17 . 2011-09-03 10:17 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-13 03:36 . 2011-08-13 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-08-13 03:31 . 2011-08-13 03:31 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\PackageAware
2011-08-11 20:30 . 2011-08-11 20:30 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-08-11 20:29 . 2011-08-11 20:29 -------- d-----w- c:\program files\Common Files\xing shared
2011-08-11 20:29 . 2011-08-11 20:29 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-08-11 20:28 . 2011-08-11 20:28 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-11 20:26 . 2011-06-10 18:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2005-12-22 20:36 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-15 01:10 . 2011-03-26 01:34 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-15 01:10 . 2011-03-26 01:34 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-08 14:02 . 2005-08-16 10:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2005-08-16 10:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2005-08-16 10:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2007-12-07 06:54 . 2007-11-22 06:56 32279040 ----a-w- c:\program files\dell_support_center.msi
2011-09-02 00:04 . 2011-03-26 13:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [7/14/2011 8:10 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [7/14/2011 8:10 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [8/15/2011 9:32 PM 815736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [7/14/2011 8:10 PM 136312]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 2:02 PM 163840]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/30/2008 12:30 PM 99248]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [7/14/2011 8:10 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/29/2011 2:37 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110908.030\IDSXpx86.sys [9/8/2011 8:56 PM 356280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:25 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:25 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:25]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:25]
.
2011-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-09 c:\windows\Tasks\User_Feed_Synchronization-{09D97BF4-D92A-4240-AE96-1F630206FA16}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2011-09-09 c:\windows\Tasks\User_Feed_Synchronization-{AE52CF1C-62DE-4E67-B073-1732014F6DDB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
AddRemove-Dell Photo Printer 720 - c:\windows\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE
AddRemove-iMesh 1 MediaBar - c:\program files\iMesh Applications\MediaBar\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 17:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4032)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
**************************************************************************
.
Completion time: 2011-09-09 17:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 22:08
.
Pre-Run: 17,825,902,592 bytes free
Post-Run: 19,848,462,336 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8A3DB723C0BF53DE3CDFF6C5F91A76A8
  • 0

#6
maliprog
Posted 10 September 2011 - 07:22 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi bruceRMC,

How is your system now? Any sign of malware?
  • 0

#7
bruceRMC
Posted 10 September 2011 - 09:34 AM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi maliprog...

The computer has run pretty good throughout this whole thing, except for continual "high CPU usage" and "high memory usage" alerts, and some days where it has creeped, and things like what's happening now, where I'm typing this in and I've had to stop a couple times and wait for it to catch up.

You ask me, is there any sign of malware, how do I tell?

I still have the problem of my hard drive showing that it's nearly full, and there's hardly anything on this computer, if you look at all the files and folders and programs. When I first contacted geekstogo, there was less than 6% free space out of 144 gb, now after deleting two out of three users, we've squeezed 20 percent free. There's one user left, me, and according to my "Properties" I'm using 1.77 gb. Will I have to do system restore back to original settings or some other kind of wipe to get that space back and not keep having the continual alerts?
  • 0

#8
maliprog
Posted 10 September 2011 - 10:19 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

The computer has run pretty good throughout this whole thing, except for continual "high CPU usage" and "high memory usage" alerts, and some days where it has creeped, and things like what's happening now, where I'm typing this in and I've had to stop a couple times and wait for it to catch up.

You ask me, is there any sign of malware, how do I tell?


You just did :). From your description I think there is still something hiding on your system. Does your disk continue to loose space now or this process has stopped.

Let's do this scan. It does take some time to finish but it's worthed.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#9
bruceRMC
Posted 11 September 2011 - 10:07 PM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
maliprog...

Kaspersky Virus Tool wouldn't let me "Save" a report because there was no report to save. On the left hand side, during all 11 hrs. and 8 minutes of the scan it said no detected threats and it said that after the scan. The Detected Threats report on the Report tab was blank, I clicked on Save but it wouldn't save the blank page.
  • 0

#10
maliprog
Posted 11 September 2011 - 11:27 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi bruceRMC,

That's good.

Step 1

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Can you start Task Manager by pressing Ctrl + Alt + Del and write down to me what process takes so much CPU Usage and Memory usage.

Step 4

I understood that you have freed some disk space. Does it stays that way or you lost it again?

Step 5

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • New OTL scan log
It would be helpful if you could post each log in separate post
  • 0

Advertisements

#11
bruceRMC
Posted 12 September 2011 - 07:33 AM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7698

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/12/2011 8:20:17 AM
mbam-log-2011-09-12 (08-20-17).txt

Scan type: Quick scan
Objects scanned: 226656
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12
bruceRMC
Posted 12 September 2011 - 07:40 AM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OTL logfile created on: 9/12/2011 8:24:37 AM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Bruce\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 316.40 Mb Available Physical Memory | 31.20% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 8.64 Gb Free Space | 5.99% Space Free | Partition Type: NTFS

Computer Name: DDHXB291 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 23:31:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\My Documents\Downloads\OTL.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:54 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 03:28:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/11 03:24:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/11 03:24:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/11 03:23:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/11 03:18:53 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/11 03:16:38 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/30 03:13:49 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/11 20:27:24 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:22 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/05/11 19:57:12 | 001,327,104 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddhps.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdddatr.dll
MOD - [2007/03/06 09:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/02/27 06:17:12 | 000,140,800 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdddrui.dll
MOD - [2007/02/27 06:16:26 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/27 06:16:00 | 000,164,352 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdddr.dll
MOD - [2007/01/23 20:40:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxddcaps.dll
MOD - [2007/01/09 18:13:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxdddrs.dll
MOD - [2007/01/09 18:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll
MOD - [2006/12/22 06:41:00 | 000,765,952 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddptpc.dll
MOD - [2006/10/06 18:08:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxddcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/08/11 09:17:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Start_Pending] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/25 10:41:54 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/23 00:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110908.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/03 22:20:56 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110911.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 22:20:56 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110911.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 20:27:54 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 20:27:54 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 19:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/14 20:10:33 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/06/18 10:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/10 20:27:45 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2002/05/02 12:23:30 | 000,024,520 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-US:official"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "http://search.babylo...rc=toolbar2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\Bruce\Application Data\Facebook\npfbplugin_1_0_0.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/06/10 00:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/08/16 17:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_1_3 [2011/09/12 07:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/11 15:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 17:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/03 18:03:53 | 000,000,000 | ---D | M]

[2011/08/12 22:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2009/08/18 18:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions\[email protected]
[2011/08/30 19:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions
[2010/09/09 15:18:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/12 22:38:01 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2010/12/16 21:17:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/15 04:50:38 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/08 15:32:08 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\[email protected]
[2011/08/05 22:58:45 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2010/10/31 07:44:36 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\3dql0kdc.default\searchplugins\askcom.xml
[2011/09/03 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/27 20:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BRUCE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3DQL0KDC.DEFAULT\EXTENSIONS\{21E48E29-F574-4619-B65D-0F00EEA92E5B}.XPI
[2011/09/09 17:49:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/24 13:18:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/12 22:36:39 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/09/09 17:00:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1218034859312 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse...opcaploader.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C9AABA5-2369-4CD6-9691-18D48528B79F}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 17:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\ApplicationHistory
[2011/09/09 16:24:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/09 16:19:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/09 16:19:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/09 16:19:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/09 16:19:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/09 16:18:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/09 16:18:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/06 22:03:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/03 21:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/09/03 17:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\AppData
[2011/09/03 17:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\WMTools Downloaded Files
[2008/11/30 12:27:41 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2008/11/30 12:27:41 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2008/11/30 12:27:41 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2008/11/30 12:27:40 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2008/11/30 12:27:40 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2008/11/30 12:27:39 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2008/11/30 12:27:39 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2008/11/30 12:27:39 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2008/11/30 12:27:38 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2008/11/30 12:27:37 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2008/11/30 12:27:37 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2008/11/30 12:27:35 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2008/11/30 12:27:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2008/11/30 12:27:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2008/11/30 12:27:33 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/09/12 08:28:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE52CF1C-62DE-4E67-B073-1732014F6DDB}.job
[2011/09/12 08:28:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{09D97BF4-D92A-4240-AE96-1F630206FA16}.job
[2011/09/12 08:11:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/12 08:10:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/12 08:03:03 | 000,038,130 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[2011/09/12 07:55:34 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1005.job
[2011/09/12 07:55:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/12 07:55:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1007.job
[2011/09/12 07:55:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1965894720-2370674358-358661442-1006.job
[2011/09/12 07:54:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/12 07:54:00 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/11 20:44:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1007.job
[2011/09/11 20:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1006.job
[2011/09/11 11:32:01 | 106,458,656 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\setup_11.0.0.1245.x01_2011_09_11_19_04.exe
[2011/09/10 21:05:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/10 20:23:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1965894720-2370674358-358661442-1005.job
[2011/09/10 12:15:50 | 006,350,976 | ---- | M] () -- C:\Documents and Settings\Bruce\My Documents\Luther Barnes - Spirit fall down.mp3
[2011/09/10 11:59:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/10 11:34:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Office Word 2007.lnk
[2011/09/09 17:00:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/09 16:32:06 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to ComboFix.exe.lnk
[2011/09/09 16:24:31 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/09/06 22:13:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\h628v197.exe
[2011/09/05 23:32:33 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to OTL.lnk
[2011/09/03 18:13:13 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 17:37:09 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/08/24 18:53:38 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/24 18:53:38 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\4468BF3C5D.sys
[2011/08/24 18:53:33 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\WordPerfect.lnk
[2011/08/24 03:00:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/24 00:08:17 | 002,615,936 | ---- | M] () -- C:\Documents and Settings\Bruce\My Documents\CCR - Run Through the jungle.mp3
[2011/08/24 00:00:01 | 000,011,241 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\Folder.jpg
[2011/08/24 00:00:01 | 000,011,241 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Large.jpg
[2011/08/24 00:00:01 | 000,002,737 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArtSmall.jpg
[2011/08/24 00:00:01 | 000,002,737 | -HS- | M] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Small.jpg
[2011/08/17 13:10:08 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini

========== Files Created - No Company Name ==========

[2011/09/12 08:11:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/12 07:54:00 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/11 11:28:54 | 106,458,656 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\setup_11.0.0.1245.x01_2011_09_11_19_04.exe
[2011/09/09 16:32:06 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to ComboFix.exe.lnk
[2011/09/09 16:24:31 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/09/09 16:24:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/09 16:19:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/09 16:19:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/09 16:19:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/09 16:19:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/09 16:19:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/06 22:13:27 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\h628v197.exe
[2011/09/05 23:32:33 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Shortcut to OTL.lnk
[2011/08/24 00:00:01 | 000,011,241 | -HS- | C] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Large.jpg
[2011/08/24 00:00:01 | 000,002,737 | -HS- | C] () -- C:\Documents and Settings\Bruce\My Documents\AlbumArt_{F6ADD707-F570-4AFF-8EED-4B1DD5E1382A}_Small.jpg
[2011/08/22 20:48:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/17 13:10:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/04/17 18:49:39 | 000,084,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/16 19:41:37 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/16 19:36:17 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/11/02 20:39:56 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2009/08/27 12:42:55 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/03/21 15:22:10 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2008/12/19 10:50:56 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSmtvd.dat
[2008/12/14 17:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[2008/11/30 12:30:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2008/11/30 12:30:04 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2008/11/30 12:29:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2008/11/30 12:29:18 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2008/11/30 12:29:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2008/11/30 12:28:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2008/11/30 12:27:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2008/11/30 12:27:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/05/04 23:42:32 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/03/19 16:29:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/22 01:56:39 | 032,279,040 | ---- | C] () -- C:\Program Files\dell_support_center.msi
[2007/11/15 12:22:05 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2007/11/07 21:46:17 | 000,001,090 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/04 10:25:52 | 000,003,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/02 00:26:13 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 18:57:48 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/10/20 16:57:35 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\PFP120JPR.{PB
[2006/10/20 16:57:35 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bruce\Application Data\PFP120JCM.{PB
[2006/10/14 16:12:26 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/14 16:12:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\4468BF3C5D.sys
[2006/10/10 21:21:03 | 000,000,726 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/10 16:39:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/10 15:11:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/09 15:31:16 | 000,000,745 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/10/07 15:10:55 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\fusioncache.dat
[2005/12/22 16:13:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/22 16:07:48 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/22 16:04:09 | 000,000,309 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/22 16:01:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/22 15:38:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/12/22 15:37:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/22 15:37:16 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/02/08 16:43:09 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== LOP Check ==========

[2008/12/28 20:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/08/13 10:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009/11/11 10:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/01/07 23:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2007/05/05 21:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/09/27 22:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/11/12 17:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/12/07 01:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/07/21 10:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/30 01:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/05 20:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/12/07 08:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 11:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/14 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Facebook
[2009/01/01 02:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\IObit
[2006/10/09 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Leadertech
[2011/01/13 22:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Lexmark Productivity Studio
[2008/09/02 17:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Snapfish
[2010/02/13 00:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce\Application Data\Tific
[2011/09/12 08:28:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{09D97BF4-D92A-4240-AE96-1F630206FA16}.job
[2011/09/12 08:28:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE52CF1C-62DE-4E67-B073-1732014F6DDB}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81C88EA7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E60C72DB
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028

< End of report >
  • 0

#13
bruceRMC
Posted 12 September 2011 - 07:59 AM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Task Manager
Highest CPU users

aawservice.exe - 50
system idle pr... - 50

When the High CPU Usage box appears, it says "by ad aware"
High Memory Usage box says "by Firefox"


Highest Memory users
aawservie.exe - 150388 k
firefox.exe - 135096 k

Not sure that is what you wanted to know, or if there was another way I was supposed to do that.

As far as, losing disc space, between Friday night and Saturday night, the disc lost 10 gigs. That was before any of the last three scans. It's now down to 8.63 from 18g, and I'm keeping the computer turned off between our correspondence so I don't lose any more.
  • 0

#14
maliprog
Posted 13 September 2011 - 12:19 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try to find your disk space.

Step 1

Go to here: http://www.softpedia... ... port.shtml
Download JDiskReport
Install and run it to scan the C: drive.
When the Pie chart comes up, Click on "View" in the top menu and choose "Copy To Clipboard"

Open a reply here and paste (Ctrl+V) the results.

Step 2


Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Make sure to check all boxes.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Step 3

Please don't forget to include these items in your reply:

  • JDiskReport log
  • Rootkit UnHooker log
It would be helpful if you could post each log in separate post
  • 0

#15
bruceRMC
Posted 13 September 2011 - 07:43 AM

bruceRMC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Size details for C:\

Name File Size Files % of Parent % of Total
C:\ 145,012,648 257,636 100.0% 100.0%
N360_BACKUP 105,763,759 143,613 72.9% 72.9%
Documents and Settings 16,006,622 44,736 11.0% 11.0%
WINDOWS 9,900,640 32,584 6.8% 6.8%
RECYCLER 3,672,749 791 2.5% 2.5%
Program Files 2,966,719 24,226 2.0% 2.0%
Files in this directory 2,599,731 61 1.8% 1.8%
i386 1,199,074 8,188 0.8% 0.8%
System Volume Information 1,148,879 935 0.8% 0.8%
IUware Online 985,771 392 0.7% 0.7%
MSOCache 542,227 84 0.4% 0.4%
drivers 150,216 1,426 0.1% 0.1%
Randy's Dumb stuff 48,124 17 0.0% 0.0%
dell 10,458 262 0.0% 0.0%
cmdcons 7,946 225 0.0% 0.0%
Qoobox 5,640 57 0.0% 0.0%
_OTL 2,274 22 0.0% 0.0%
Netscape 1,404 1 0.0% 0.0%
5a22d647cca6cf6bdea0f0 283 1 0.0% 0.0%
Netgear 118 14 0.0% 0.0%
spoolerlogs 22 1 0.0% 0.0%
77dde2da31c15c3676d4e8e956885099 0 0 0.0% 0.0%
Config.Msi 0 0 0.0% 0.0%
logs 0 0 0.0% 0.0%
My Games 0 0 0.0% 0.0%
My Music 0 0 0.0% 0.0%
users 0 0 0.0% 0.0%
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP