Geeks to Go

Rootkit/Trojan Infection--Norton Logs May Tell More

#1 dolsson

Was testing freeware and got infected. Norton Security Suite was running and reported blocking some rootkit and trojan activity. I crossed my fingers but then Norton crashed and I cannot run its scan. Have tried ESET (could not update its database) and Trend Micro online (would not run). Firefox is unable to connect so I am running IE. It works as long as I paste into the address field--hyperlinks get redirected. I have a second computer from which to work on this problem but I was also able to download and run OTL on the infected machine--log is pasted below.

I don't recall the details of the Norton alerts, which appeared for only a few seconds, but maybe there are logs somewhere. I just don't know where.

I have a court appearance next week and must have this computer cleaned to prepare for it, so I am highly motivated to cooperate with your advice. Please help (I am very good at following directions and communicating clearly :) ).

Thanks,
D

OTL logfile created on: 10/29/2011 2:56:00 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\***name removed for privacy***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 60.81% Memory free
4.68 Gb Paging File | 3.48 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.04 Gb Total Space | 6.25 Gb Free Space | 13.57% Space Free | Partition Type: NTFS
Drive D: | 577.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 687.33 Gb Total Space | 454.45 Gb Free Space | 66.12% Space Free | Partition Type: NTFS

Computer Name: ***name removed for privacy*** | User Name: ***name removed for privacy*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/10/29 14:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***name removed for privacy***\Desktop\OTL.exe
PRC - [2011/10/29 14:09:47 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2011/10/29 14:06:23 | 000,136,656 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/07/21 07:29:34 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/04/28 17:28:11 | 000,099,768 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\uistub.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/17 14:33:42 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/01 20:52:40 | 005,546,376 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/12/06 05:56:42 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/06 05:56:38 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/11/16 04:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/02/14 02:13:36 | 002,465,792 | ---- | M] (SourceForge.net) -- C:\Program Files\Password Safe\pwsafe.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 11:42:26 | 001,566,160 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveETray.exe
PRC - [2008/03/26 16:57:12 | 000,038,352 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveEBackground.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/08/15 07:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/16 19:29:54 | 000,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () -- C:\WINDOWS\system32\TSSchBkpService.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/06/07 17:25:14 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\xvid.ax
MOD - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 17:12:03 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2007/05/23 18:19:16 | 000,069,632 | ---- | M] () -- C:\Program Files\IDrive\GetMailPaths.dll
MOD - [2006/12/11 13:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006/10/22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () -- C:\WINDOWS\system32\TSSchBkpService.exe
MOD - [2004/10/04 04:46:50 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (AdobeActiveFileMonitor)
SRV - [2011/10/29 14:09:47 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2011/10/29 14:06:23 | 000,136,656 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] () [Unknown | Stopped] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/02/17 14:33:42 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 05:56:38 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/09 11:02:36 | 000,153,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IDrive\IDrivePlugin.exe -- (IDrivePlugin)
SRV - [2007/12/12 22:03:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TSSchBkpService.exe -- (TSScheduleBackup)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 16:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/23 00:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111028.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/03 18:34:21 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111028.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 18:34:21 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111028.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 16:55:06 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 16:55:06 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/23 21:26:05 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/31 15:01:50 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/17 14:33:53 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/02/17 14:33:36 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011/02/17 14:33:33 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/12/23 13:30:01 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2008/08/18 15:54:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/15 07:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 11:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/19 02:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/11 10:02:12 | 000,006,784 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\PC Wizard 2006\pcw86-32.sys -- (pcwe)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.049
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/09/29 12:29:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_2_3 [2011/10/17 14:35:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2011/10/29 14:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2011/09/29 12:27:24 | 000,000,000 | ---D | M]

[2009/06/12 12:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***name removed for privacy***\Application Data\Mozilla\Extensions
[2011/10/06 10:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***name removed for privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions
[2010/04/12 09:16:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\***name removed for privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 11:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\***name removed for privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/24 14:57:55 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\***name removed for privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\[email protected]
[2011/05/24 09:49:13 | 000,002,468 | ---- | M] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\searchplugins\safesearch.xml
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***name removed for privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***name removed for privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***name removed for privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***name removed for privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/05/23 20:21:55 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O1 - Hosts: 192.168.0.66 HP000D9D23724F
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\***name removed for privacy***\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = File not found
O4 - Startup: C:\Documents and Settings\***name removed for privacy***\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\***name removed for privacy***\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\***name removed for privacy***\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (Endicosoft.com)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: valic.com ([www3] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.h...llMgr_v01_5.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1168112709250 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1168112702734 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://optionsxpres...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: PLLiveUpWeb http://support.pclaw...PLLiveUpWeb.CAB (Reg Error: Key error.)
O16 - DPF: PLLiveUpWeb2 http://support.pclaw...LLiveUpWeb2.cab (Reg Error: Key error.)
O16 - DPF: PLUpdate http://www.pclaw.com/PLUpdate.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7D3A1B-60EF-41D2-9A5B-B3FC4064334E}: DhcpNameServer = 68.87.69.150 68.87.85.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\***name removed for privacy***\My Documents\My Pictures\BC Doin Nothing Background copy.gif
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***name removed for privacy***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 13:29:12 | 001,070,488 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/04 10:38:36 | 000,000,167 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (a)
O34 - HKLM BootExecute: (u)
O34 - HKLM BootExecute: (t)
O34 - HKLM BootExecute: (o)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (h)
O34 - HKLM BootExecute: (k)
O34 - HKLM BootExecute: (*)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/29 14:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/29 13:59:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\***name removed for privacy***\Local Settings\Application Data\2021572f
[2011/10/29 13:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***name removed for privacy***\Desktop\OptiCut_Bar_Pro_v5_03_keygen_by_ENGiNE
[2011/10/29 12:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Boole & Partners
[2011/10/29 12:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Boole & Partners
[2011/10/29 12:39:15 | 002,629,632 | ---- | C] (Boole & Partners) -- C:\Documents and Settings\***name removed for privacy***\Desktop\installopticoupe.exe
[2011/10/29 12:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nirvana
[2011/10/29 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Nirvana
[2011/10/29 12:32:15 | 021,237,064 | ---- | C] (Nirvana Technologies Pvt. Ltd. ) -- C:\Documents and Settings\***name removed for privacy***\Desktop\plus2d_dp_wood.exe
[2011/10/29 12:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SL2010
[2011/10/29 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\SL2010
[2011/10/29 12:20:51 | 004,985,822 | ---- | C] (Productivity Systems LLC) -- C:\Documents and Settings\***name removed for privacy***\Desktop\SheetLayout2010-Setup_4.exe
[2011/10/29 12:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***name removed for privacy***\Desktop\CUTLIST
[2011/10/27 09:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***name removed for privacy***\My Documents\TC2000
[2007/04/11 18:42:01 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/29 15:06:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/29 14:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***name removed for privacy***\Desktop\OTL.exe
[2011/10/29 14:35:43 | 000,013,722 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/29 13:59:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\794239264
[2011/10/29 12:39:24 | 002,629,632 | ---- | M] (Boole & Partners) -- C:\Documents and Settings\***name removed for privacy***\Desktop\installopticoupe.exe
[2011/10/29 12:36:03 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PLUS 2D.lnk
[2011/10/29 12:32:47 | 021,237,064 | ---- | M] (Nirvana Technologies Pvt. Ltd. ) -- C:\Documents and Settings\***name removed for privacy***\Desktop\plus2d_dp_wood.exe
[2011/10/29 12:20:52 | 004,985,822 | ---- | M] (Productivity Systems LLC) -- C:\Documents and Settings\***name removed for privacy***\Desktop\SheetLayout2010-Setup_4.exe
[2011/10/29 12:16:28 | 000,300,376 | ---- | M] () -- C:\Documents and Settings\***name removed for privacy***\Desktop\CUTLIST.zip
[2011/10/27 09:22:10 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\***name removed for privacy***\Desktop\TC2000.lnk
[2011/10/27 09:12:23 | 000,000,467 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/27 07:34:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
[2011/10/25 16:23:31 | 000,000,247 | ---- | M] () -- C:\WINDOWS\PLREMOTE.INI
[2011/10/25 14:26:42 | 000,006,089 | ---- | M] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\PrimoPDFSet.xml
[2011/10/25 14:26:07 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\APUSet.xml
[2011/10/17 14:35:40 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/17 14:35:22 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
[2011/10/17 14:34:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/17 14:34:50 | 3689,402,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 08:53:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/17 08:49:21 | 000,515,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/17 08:49:21 | 000,094,922 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/17 08:38:23 | 000,195,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/15 07:34:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/29 14:06:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/29 13:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\794239264
[2011/10/29 12:36:02 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PLUS 2D.lnk
[2011/10/29 12:16:26 | 000,300,376 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Desktop\CUTLIST.zip
[2011/10/27 09:22:10 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Start Menu\Programs\TC2000.lnk
[2011/10/27 09:22:10 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Desktop\TC2000.lnk
[2011/08/30 08:49:05 | 000,469,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/18 15:28:04 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 15:22:40 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/22 08:40:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2011/01/13 15:40:45 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/13 15:40:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/18 10:13:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/08/31 16:27:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/14 10:55:29 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Local Settings\Application Data\housecall.guid.cache
[2009/09/06 14:27:57 | 000,025,842 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\Comma Separated Values (Windows).ADR
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/08 15:13:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/05/20 16:26:42 | 000,000,467 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/20 16:26:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/20 16:25:58 | 000,000,395 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/05/20 16:25:58 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/05/20 16:25:58 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd9440cn.dat
[2009/05/20 16:21:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/05/20 16:21:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/05/20 16:21:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2009/05/20 16:21:14 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/05/20 16:21:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/05/20 16:12:01 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/02 07:47:00 | 000,022,300 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\Tab Separated Values (DOS).ADR
[2009/04/02 07:43:37 | 000,022,304 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\Tab Separated Values (Windows).ADR
[2009/04/01 09:47:49 | 000,683,801 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\unins000.exe
[2009/04/01 09:47:49 | 000,011,615 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\unins000.dat
[2008/05/30 10:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\the.ini
[2008/04/21 12:49:06 | 000,006,089 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\PrimoPDFSet.xml
[2008/04/21 12:49:06 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\APUSet.xml
[2008/04/15 14:17:56 | 000,000,611 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/01/25 13:32:39 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/01/09 16:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/01/08 19:47:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2007/12/12 22:15:28 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/10/12 10:30:29 | 000,009,368 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\Comma Separated Values (Windows).EML
[2007/10/07 13:19:36 | 000,034,368 | ---- | C] () -- C:\Program Files\MCj04244600000[1].wmf
[2007/10/07 13:17:47 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/13 17:14:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/09/13 17:11:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/09/13 17:11:17 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/06/28 15:39:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/19 13:17:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\PLACE32.INI
[2007/04/16 20:06:21 | 000,000,247 | ---- | C] () -- C:\WINDOWS\PLREMOTE.INI
[2007/04/13 12:07:03 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/11 18:42:25 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2007/04/11 18:42:16 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2007/04/11 18:42:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\u25store.dll
[2007/04/11 18:42:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\xhbcommdll.dll
[2007/04/11 18:41:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2007/04/11 18:41:59 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\gteinet.dll
[2007/04/11 18:41:58 | 001,283,072 | ---- | C] () -- C:\WINDOWS\System32\AbacusDB.dll
[2007/04/11 18:41:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\crheapalloc.dll
[2007/04/10 09:34:25 | 000,005,299 | ---- | C] () -- C:\WINDOWS\STI.INI
[2007/04/10 09:25:54 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2007/04/06 11:28:32 | 000,000,577 | ---- | C] () -- C:\WINDOWS\TIMESLIP.INI
[2007/04/06 11:28:13 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\tutil32.dll
[2007/04/06 11:28:09 | 000,705,024 | ---- | C] () -- C:\WINDOWS\System32\TSSchBkpService.exe
[2007/04/04 21:16:58 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\regd4e27win83.dll
[2007/01/23 12:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/12 19:21:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2007/01/12 19:21:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2007/01/07 08:39:02 | 000,068,478 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2007/01/07 08:39:02 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2007/01/05 14:39:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 11:43:54 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/06 15:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 13:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/07 07:32:32 | 000,001,487 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/06 18:42:07 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/10/06 18:42:07 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/10/06 18:27:26 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/06 18:27:26 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D2178F15B2.sys
[2006/10/04 16:08:46 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Application Data\dvd.bmk
[2006/10/04 16:02:54 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\***name removed for privacy***\Local Settings\Application Data\fusioncache.dat
[2006/09/21 19:47:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/21 19:40:42 | 000,004,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/21 19:38:07 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/21 19:35:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/21 19:33:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/21 19:10:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/21 19:10:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,195,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:28 | 000,515,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,094,922 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 03:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 03:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 03:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/06/12 12:00:56 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2000/11/29 09:50:40 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/02/17 15:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/08/31 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/10/29 14:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boole & Partners
[2010/08/30 11:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/30 10:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect Premier X3 Trial Version
[2010/08/08 14:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/25 15:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/06/27 09:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2006/10/25 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/01/03 16:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeCalendar
[2007/09/13 17:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/26 12:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/06 14:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/29 12:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/28 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/04 20:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/04/06 10:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/11/13 17:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/02/17 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\901E3336-F096-4695-B1E6-D3F75A56F550
[2010/08/24 09:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Acronis
[2010/08/30 11:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Canneverbe Limited
[2010/09/30 10:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Chief Architect Premier X3 Trial Version
[2010/07/07 16:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/12/23 13:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\DED1CE67-C6F1-4A20-98E5-7E0BB6A4FF6E
[2011/04/22 08:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\FTW
[2010/07/25 09:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\GameRanger
[2010/09/30 09:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\GetRightToGo
[2007/06/05 12:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Leadertech
[2010/11/23 06:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\MAPILab Ltd
[2011/08/29 16:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\officedrop
[2006/11/16 13:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Opera
[2009/05/20 17:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\PC-FAX TX
[2007/09/13 17:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\pdf995
[2009/05/20 16:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\ScanSoft
[2011/08/24 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Spotify
[2007/09/22 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Viewpoint
[2010/07/06 21:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\VirtualStore
[2006/10/04 20:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\WildTangent
[2007/04/06 16:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***name removed for privacy***\Application Data\Zeon

========== Purity Check ==========



< End of report >
  • 0
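Reading an OTL log like the one above by hand is slow, so here is an added example (my own code, not part of this thread or of OTL) that parses OTL file/folder entries and applies three defensive heuristics drawn from artifacts visible in this log: a hidden+system, hex-named directory created in the user profile, a zero-byte all-digit file dropped directly into C:\WINDOWS, and a keygen folder created minutes earlier; hits are grouped into a timeline so related events read as one cluster. The function names, the five-minute clustering window and the keyword list are my assumptions; the sample lines are constructed from the log above with the redacted account name shortened to `user`.

```python
import re
from datetime import datetime, timedelta

# OTL file/folder entry, e.g.
#   [2011/10/29 13:59:39 | 000,000,000 | -HSD | C] -- C:\...\Application Data\2021572f
#   [2011/10/29 12:39:15 | 002,629,632 | ---- | C] (Boole & Partners) -- C:\...\installopticoupe.exe
# attr column = R(ead-only) H(idden) S(ystem) D(irectory); kind C = created, M = modified
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)$"
)
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$")  # e.g. 2021572f
DIGIT_NAME = re.compile(r"^\d{6,}$")      # e.g. 794239264
CRACK_WORDS = ("keygen", "crack")         # assumed keyword list, not OTL's


def parse_entry(line):
    """Parse one OTL entry line into a dict; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "hidden": attr[1] == "H",
        "system": attr[2] == "S",
        "is_dir": attr[3] == "D",
        "kind": m.group("kind"),
        "company": (m.group("company") or "").strip(),
        "path": m.group("path"),
    }


def triage(entry):
    """Reasons an entry deserves a second look (empty = nothing notable).
    Heuristics for an analyst's attention, not verdicts; each is drawn from
    an artifact visible in the log this example accompanies."""
    reasons = []
    low = entry["path"].lower()
    name = low.rstrip("\\").rsplit("\\", 1)[-1]
    in_profile = "\\documents and settings\\" in low
    # hidden+system, hex-named directory dropped into a user profile
    if entry["is_dir"] and entry["hidden"] and entry["system"] and in_profile and HEX_NAME.match(name):
        reasons.append("hidden+system hex-named directory inside a user profile")
    # zero-byte, all-digit file name sitting directly in C:\WINDOWS
    if (not entry["is_dir"] and entry["size"] == 0 and DIGIT_NAME.match(name)
            and low.startswith("c:\\windows\\") and low.count("\\") == 2):
        reasons.append("zero-byte numeric-named file directly in C:\\WINDOWS")
    # keygen/crack material: correlate with whatever appeared minutes later
    if any(w in name for w in CRACK_WORDS):
        reasons.append("keygen/crack artifact (frequent infection vector)")
    return reasons


def triage_log(lines, window=timedelta(minutes=5)):
    """Parse OTL lines, keep flagged entries (first sighting per path) and group
    them into time clusters so related drops read as one event on the timeline.
    Returns a list of clusters; each cluster is a list of (entry, reasons)."""
    seen, flagged = set(), []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry["path"].lower() in seen:
            continue
        seen.add(entry["path"].lower())
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    flagged.sort(key=lambda item: item[0]["ts"])
    clusters = []
    for item in flagged:
        if clusters and item[0]["ts"] - clusters[-1][-1][0]["ts"] <= window:
            clusters[-1].append(item)
        else:
            clusters.append([item])
    return clusters


# Constructed sample: lines copied from the OTL log in this thread, with the
# redacted account name shortened to "user"; the O32 line is a non-entry line.
SAMPLE_OTL = r"""
[2011/10/29 14:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/29 13:59:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\Local Settings\Application Data\2021572f
[2011/10/29 13:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\OptiCut_Bar_Pro_v5_03_keygen_by_ENGiNE
[2011/10/29 12:39:15 | 002,629,632 | ---- | C] (Boole & Partners) -- C:\Documents and Settings\user\Desktop\installopticoupe.exe
[2011/10/29 13:59:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\794239264
[2011/10/29 13:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\794239264
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
"""

if __name__ == "__main__":
    for n, cluster in enumerate(triage_log(SAMPLE_OTL.strip().splitlines()), 1):
        print(f"cluster {n}: {cluster[0][0]['ts']} .. {cluster[-1][0]['ts']}")
        for entry, reasons in cluster:
            print(f"  {entry['ts']:%H:%M:%S}  {entry['path']}  <- {'; '.join(reasons)}")
```

On the sample the three flagged paths land in one cluster spanning 13:57:26 to 13:59:43, which is the same two-minute window in which the keygen folder appeared and the artifacts ComboFix later removed were created.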



#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
It's the ZeroAccess rootkit. Can be a problem to get rid of but our tools are getting better so let's see how we do.

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.



Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Allow it to download the anti-virus database and do the full scan.
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Run OTL again (Quickscan) and copy and paste the log.

Ron
  • 0

#3
dolsson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ron, thanks for your help with this.

Status: I have ComboFix ready to run except that it detects Norton Security Suite. I have no easy way to access that program as the malware has crippled my access. I googled to see if there is a way to disable it via task manager but found nothing. Can you suggest how to close it--it does not appear in the system tray and trying to open it from programs is non-responsive.

Other worries:

1. Now that I closed IE it will not open again so I have no more browser for downloading. I am thinking that I'll use a flashdrive and then reformat it each time I remove it from the infected machine.

2. My password safe program was running when I sat down at the computer this morning. I am very worried about that--stunned, really.

D
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)
Run the Norton Removal tool.
  • 0

#5
dolsson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay, Norton Removal Tool has run. Now it is prompting me for a restart but the ComboFix warning is still up and it wants me to click OK once Norton is disabled. Because of the dire warnings about interrupting ComboFix I need a confirmation: should I close the ComboFix warning, restart the PC, then rerun ComboFix?
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
See if Combofix will run without a restart. If not then let it reboot.

Ron
  • 0

#7
dolsson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay, here is the ComboFix log (note that I found/replaced personal info--my name). I am proceeding with the further instructions (TDSSKiller, aswMBR.exe, Malwarebytes):



ComboFix 11-10-30.02 - ***Name Removed for Privacy*** 10/30/2011 9:00.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3518.3137 [GMT -7:00]
Running from: c:\documents and settings\***Name Removed for Privacy***\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{17B6236A-BF1A-4C2A-B1C7-A77F3F5696E9}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{17B6236A-BF1A-4C2A-B1C7-A77F3F5696E9}\20111029122153.log
c:\documents and settings\All Users\Application Data\Tarma Installer\{17B6236A-BF1A-4C2A-B1C7-A77F3F5696E9}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{17B6236A-BF1A-4C2A-B1C7-A77F3F5696E9}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{17B6236A-BF1A-4C2A-B1C7-A77F3F5696E9}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{71B5E8B1-1356-43A1-B0FB-E12F9242B402}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{71B5E8B1-1356-43A1-B0FB-E12F9242B402}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{71B5E8B1-1356-43A1-B0FB-E12F9242B402}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{71B5E8B1-1356-43A1-B0FB-E12F9242B402}\Setup.ico
c:\documents and settings\***Name Removed for Privacy***\Local Settings\Application Data\2021572f
c:\documents and settings\***Name Removed for Privacy***\Local Settings\Application Data\2021572f\@
c:\documents and settings\***Name Removed for Privacy***\Local Settings\Application Data\2021572f\X
c:\documents and settings\***Name Removed for Privacy***\My Documents\Downloads\PowerPointViewer.exe
c:\documents and settings\***Name Removed for Privacy***\WINDOWS
c:\windows\$NtUninstallKB35057$
c:\windows\$NtUninstallKB35057$\242499021
c:\windows\$NtUninstallKB35057$\539055919\@
c:\windows\$NtUninstallKB35057$\539055919\L\oaazsenl
c:\windows\$NtUninstallKB35057$\539055919\loader.tlb
c:\windows\$NtUninstallKB35057$\539055919\U\@00000001
c:\windows\$NtUninstallKB35057$\539055919\U\@000000c0
c:\windows\$NtUninstallKB35057$\539055919\U\@000000cb
c:\windows\$NtUninstallKB35057$\539055919\U\@000000cf
c:\windows\$NtUninstallKB35057$\539055919\U\@80000000
c:\windows\$NtUninstallKB35057$\539055919\U\@800000c0
c:\windows\$NtUninstallKB35057$\539055919\U\@800000cb
c:\windows\$NtUninstallKB35057$\539055919\U\@800000cf
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\
c:\windows\system32\c_05722.nls
c:\windows\system32\d3d9caps.dat
c:\windows\system32\regobj.dll
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe was found and disinfected
Restored copy from - c:\program files\Adobe\Photoshop Elements 3.0\
.
c:\windows\system32\HPZipm12.exe . . . is infected!!
c:\windows\system32\HPZipm12.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_2021572f
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 15:55 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-10-30 15:55 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-29 23:22 . 2009-10-07 23:28 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2011-10-29 23:16 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-10-29 19:42 . 2011-10-29 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Boole & Partners
2011-10-29 19:42 . 2011-10-29 19:42 -------- d-----w- c:\program files\Boole & Partners
2011-10-29 19:35 . 2011-10-29 19:35 -------- d-----w- c:\program files\Nirvana
2011-10-29 19:22 . 2011-10-29 19:22 -------- d-----w- c:\program files\SL2010
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 00:43 . 2010-09-02 15:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-29 21:09 . 2006-10-22 20:22 159810 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-17 15:41 . 2011-07-14 16:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2010-09-02 15:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2008-03-26 189904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-08-15 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="c:\windows\system32\nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-02 5546376]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 390728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-03 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-21 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\***Name Removed for Privacy***\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-4-15 79312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\***Name Removed for Privacy***\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS2\\InDesign.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2011 4:16 PM 28552]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [12/23/2010 1:30 PM 752128]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/31/2009 10:32 AM 3246040]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [4/15/2008 9:35 AM 136656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/2/2010 8:48 AM 366152]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\system32\TSSchBkpService.exe [4/6/2007 11:28 AM 705024]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/31/2009 10:32 AM 167968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/2/2010 8:48 AM 22216]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [8/26/2011 12:49 PM 103424]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe --> c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [?]
S2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDrivePlugin.exe [4/15/2008 9:35 AM 153040]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
S3 f6cB5;f6cB5;\??\c:\docume~1\DAVIDO~1\LOCALS~1\Temp\f6cB5.sys --> c:\docume~1\DAVIDO~1\LOCALS~1\Temp\f6cB5.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 pcwe;pcwe;c:\program files\PC Wizard 2006\pcw86-32.sys [1/9/2007 3:54 PM 6784]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [10/29/2011 4:22 PM 17544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: {{91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\progra~1\LEXISN~1\PClaw\plietool.dll
IE: {{9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\progra~1\LEXISN~1\PClaw\plietool.dll
Trusted Zone: valic.com\www3
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
DPF: PLLiveUpWeb2 - hxxp://support.pclaw.com/PLLiveUpWeb2.cab
DPF: PLUpdate - hxxp://www.pclaw.com/PLUpdate.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\***Name Removed for Privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Jello.Dashboard - c:\program files\Jello.Dashboard 5\uninst.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-{17B6236A-BF1A-4C2A-B1C7-A77F3F5696E9} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{17B62~1\Setup.exe
AddRemove-{71B5E8B1-1356-43A1-B0FB-E12F9242B402} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{71B5E~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 09:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\IDrive\IDriveEView.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\IDrive\ClsIdle.exe
c:\windows\system32\wscntfy.exe
c:\program files\IDrive\IDriveETray.exe
c:\program files\IDrive\IDriveEBackground.exe
.
**************************************************************************
.
Completion time: 2011-10-30 09:23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 16:23
ComboFix2.txt 2010-09-23 21:08
.
Pre-Run: 7,693,574,144 bytes free
Post-Run: 8,133,419,008 bytes free
.
- - End Of File - - 6CD98D2A2116610809A074FB56AC6640
  • 0

#8
dolsson

    Member

  • Topic Starter
  • Member
  • 17 posts
Have now run TDSSKiller, aswMBR and MBytes. Logs below. I will rerun OTL as instructed and post shortly. Thanks for your continued help.

TDSSKiller:

09:55:43.0593 2152 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
09:55:43.0625 2152 ============================================================
09:55:43.0625 2152 Current date / time: 2011/10/30 09:55:43.0625
09:55:43.0625 2152 SystemInfo:
09:55:43.0625 2152
09:55:43.0625 2152 OS Version: 5.1.2600 ServicePack: 3.0
09:55:43.0625 2152 Product type: Workstation
09:55:43.0625 2152 ComputerName: ***NAME REMOVED FOR PRIVACY***
09:55:43.0625 2152 UserName: ***Name Removed for Privacy***
09:55:43.0625 2152 Windows directory: C:\WINDOWS
09:55:43.0625 2152 System windows directory: C:\WINDOWS
09:55:43.0625 2152 Processor architecture: Intel x86
09:55:43.0625 2152 Number of processors: 1
09:55:43.0625 2152 Page size: 0x1000
09:55:43.0625 2152 Boot type: Normal boot
09:55:43.0625 2152 ============================================================
09:55:44.0890 2152 Initialize success
09:55:49.0500 2144 ============================================================
09:55:49.0500 2144 Scan started
09:55:49.0500 2144 Mode: Manual;
09:55:49.0500 2144 ============================================================
09:55:53.0453 2144 Fs_Rec - ok
09:55:53.0484 2144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:55:53.0484 2144 Ftdisk - ok
09:55:53.0515 2144 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:55:53.0515 2144 GEARAspiWDM - ok
09:55:53.0671 2144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:55:53.0671 2144 Gpc - ok
09:55:53.0687 2144 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:55:53.0687 2144 HDAudBus - ok
09:55:53.0734 2144 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:55:53.0734 2144 HidUsb - ok
09:55:53.0796 2144 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:55:53.0796 2144 hpn - ok
09:55:53.0875 2144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:55:53.0875 2144 HTTP - ok
09:55:53.0890 2144 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:55:53.0890 2144 i2omgmt - ok
09:55:53.0921 2144 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:55:53.0921 2144 i2omp - ok
09:55:53.0953 2144 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:55:53.0953 2144 i8042prt - ok
09:55:53.0984 2144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:55:53.0984 2144 Imapi - ok
09:55:54.0031 2144 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:55:54.0031 2144 ini910u - ok
09:55:54.0062 2144 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:55:54.0062 2144 IntelIde - ok
09:55:54.0109 2144 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:55:54.0109 2144 intelppm - ok
09:55:54.0140 2144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:55:54.0140 2144 Ip6Fw - ok
09:55:54.0171 2144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:55:54.0171 2144 IpFilterDriver - ok
09:55:54.0187 2144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:55:54.0187 2144 IpInIp - ok
09:55:54.0218 2144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:55:54.0234 2144 IpNat - ok
09:55:54.0234 2144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:55:54.0234 2144 IPSec - ok
09:55:54.0281 2144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:55:54.0281 2144 IRENUM - ok
09:55:54.0296 2144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:55:54.0296 2144 isapnp - ok
09:55:54.0343 2144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:55:54.0343 2144 Kbdclass - ok
09:55:54.0359 2144 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:55:54.0359 2144 kbdhid - ok
09:55:54.0375 2144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:55:54.0390 2144 kmixer - ok
09:55:54.0421 2144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:55:54.0421 2144 KSecDD - ok
09:55:54.0437 2144 lbrtfdc - ok
09:55:54.0515 2144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:55:54.0515 2144 mnmdd - ok
09:55:54.0671 2144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:55:54.0671 2144 Modem - ok
09:55:54.0750 2144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:55:54.0750 2144 Mouclass - ok
09:55:54.0765 2144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:55:54.0765 2144 mouhid - ok
09:55:54.0781 2144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:55:54.0781 2144 MountMgr - ok
09:55:54.0828 2144 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:55:54.0828 2144 mraid35x - ok
09:55:54.0859 2144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:55:54.0859 2144 MRxDAV - ok
09:55:54.0906 2144 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:55:54.0921 2144 MRxSmb - ok
09:55:54.0968 2144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:55:54.0968 2144 Msfs - ok
09:55:54.0984 2144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:55:54.0984 2144 MSKSSRV - ok
09:55:55.0015 2144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:55:55.0015 2144 MSPCLOCK - ok
09:55:55.0062 2144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:55:55.0078 2144 MSPQM - ok
09:55:55.0125 2144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:55:55.0125 2144 mssmbios - ok
09:55:55.0156 2144 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
09:55:55.0156 2144 msvad_simple - ok
09:55:55.0187 2144 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:55:55.0187 2144 Mup - ok
09:55:55.0218 2144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:55:55.0218 2144 NDIS - ok
09:55:55.0234 2144 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:55:55.0234 2144 NdisTapi - ok
09:55:55.0281 2144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:55:55.0281 2144 Ndisuio - ok
09:55:55.0312 2144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:55:55.0312 2144 NdisWan - ok
09:55:55.0343 2144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:55:55.0343 2144 NDProxy - ok
09:55:55.0375 2144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:55:55.0375 2144 NetBIOS - ok
09:55:55.0390 2144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:55:55.0390 2144 NetBT - ok
09:55:55.0437 2144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:55:55.0437 2144 Npfs - ok
09:55:55.0484 2144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:55:55.0484 2144 Ntfs - ok
09:55:55.0656 2144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:55:55.0671 2144 Null - ok
09:55:55.0843 2144 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:55:55.0968 2144 nv - ok
09:55:56.0000 2144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:55:56.0000 2144 NwlnkFlt - ok
09:55:56.0031 2144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:55:56.0031 2144 NwlnkFwd - ok
09:55:56.0078 2144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:55:56.0078 2144 Parport - ok
09:55:56.0109 2144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:55:56.0109 2144 PartMgr - ok
09:55:56.0156 2144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:55:56.0156 2144 ParVdm - ok
09:55:56.0203 2144 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
09:55:56.0203 2144 pavboot - ok
09:55:56.0218 2144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:55:56.0218 2144 PCI - ok
09:55:56.0234 2144 PCIDump - ok
09:55:56.0265 2144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:55:56.0265 2144 PCIIde - ok
09:55:56.0296 2144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:55:56.0296 2144 Pcmcia - ok
09:55:56.0375 2144 pcwe (a1fc99286393b15d6938b8baf11e08a5) C:\Program Files\PC Wizard 2006\pcw86-32.sys
09:55:56.0375 2144 pcwe - ok
09:55:56.0390 2144 PDCOMP - ok
09:55:56.0406 2144 PDFRAME - ok
09:55:56.0406 2144 PDRELI - ok
09:55:56.0421 2144 PDRFRAME - ok
09:55:56.0453 2144 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:55:56.0453 2144 perc2 - ok
09:55:56.0468 2144 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:55:56.0468 2144 perc2hib - ok
09:55:56.0546 2144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:55:56.0546 2144 PptpMiniport - ok
09:55:56.0562 2144 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:55:56.0562 2144 Processor - ok
09:55:56.0578 2144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:55:56.0578 2144 PSched - ok
09:55:56.0640 2144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:55:56.0640 2144 Ptilink - ok
09:55:56.0671 2144 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:55:56.0671 2144 PxHelp20 - ok
09:55:56.0718 2144 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:55:56.0718 2144 ql1080 - ok
09:55:56.0843 2144 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:55:56.0843 2144 Ql10wnt - ok
09:55:56.0937 2144 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:55:56.0937 2144 ql12160 - ok
09:55:56.0953 2144 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:55:56.0953 2144 ql1240 - ok
09:55:56.0984 2144 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:55:56.0984 2144 ql1280 - ok
09:55:57.0031 2144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:55:57.0031 2144 RasAcd - ok
09:55:57.0078 2144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:55:57.0078 2144 Rasl2tp - ok
09:55:57.0125 2144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:55:57.0125 2144 RasPppoe - ok
09:55:57.0140 2144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:55:57.0140 2144 Raspti - ok
09:55:57.0187 2144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:55:57.0187 2144 Rdbss - ok
09:55:57.0203 2144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:55:57.0203 2144 RDPCDD - ok
09:55:57.0218 2144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:55:57.0234 2144 rdpdr - ok
09:55:57.0281 2144 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:55:57.0281 2144 RDPWD - ok
09:55:57.0312 2144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:55:57.0312 2144 redbook - ok
09:55:57.0359 2144 RkPavproc1 (53f647be062c55e3a18c68608ffd105b) C:\WINDOWS\system32\drivers\RkPavproc1.sys
09:55:57.0359 2144 RkPavproc1 - ok
09:55:57.0406 2144 RzSynapse (2e2f0d988f6d46e5e5e84d9fcad39081) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
09:55:57.0421 2144 RzSynapse - ok
09:55:57.0468 2144 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
09:55:57.0468 2144 SDDMI2 - ok
09:55:57.0515 2144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:55:57.0515 2144 Secdrv - ok
09:55:57.0578 2144 Sentinel (d23fc3f409fdbb2a5c230abc137c4b45) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
09:55:57.0578 2144 Sentinel - ok
09:55:57.0625 2144 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:55:57.0625 2144 serenum - ok
09:55:57.0656 2144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:55:57.0656 2144 Serial - ok
09:55:57.0687 2144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:55:57.0687 2144 Sfloppy - ok
09:55:57.0703 2144 Simbad - ok
09:55:57.0765 2144 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:55:57.0765 2144 sisagp - ok
09:55:57.0828 2144 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\WINDOWS\system32\DRIVERS\snapman.sys
09:55:57.0828 2144 snapman - ok
09:55:57.0968 2144 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:55:57.0968 2144 Sparrow - ok
09:55:58.0031 2144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:55:58.0031 2144 splitter - ok
09:55:58.0078 2144 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:55:58.0078 2144 sr - ok
09:55:58.0265 2144 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:55:58.0328 2144 Srv - ok
09:55:58.0390 2144 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
09:55:58.0390 2144 SSKBFD - ok
09:55:58.0406 2144 StarOpen - ok
09:55:58.0468 2144 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
09:55:58.0484 2144 STHDA - ok
09:55:58.0515 2144 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
09:55:58.0515 2144 StillCam - ok
09:55:58.0546 2144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:55:58.0546 2144 swenum - ok
09:55:58.0578 2144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:55:58.0578 2144 swmidi - ok
09:55:58.0625 2144 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:55:58.0625 2144 symc810 - ok
09:55:58.0640 2144 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:55:58.0656 2144 symc8xx - ok
09:55:58.0687 2144 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:55:58.0687 2144 sym_hi - ok
09:55:58.0718 2144 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:55:58.0718 2144 sym_u3 - ok
09:55:58.0781 2144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:55:58.0781 2144 sysaudio - ok
09:55:58.0843 2144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:55:58.0859 2144 Tcpip - ok
09:55:58.0921 2144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:55:58.0921 2144 TDPIPE - ok
09:55:59.0000 2144 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\WINDOWS\system32\DRIVERS\tdrpm273.sys
09:55:59.0031 2144 tdrpman273 - ok
09:55:59.0156 2144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:55:59.0156 2144 TDTCP - ok
09:55:59.0250 2144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:55:59.0250 2144 TermDD - ok
09:55:59.0296 2144 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
09:55:59.0296 2144 tifsfilter - ok
09:55:59.0328 2144 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\WINDOWS\system32\DRIVERS\timntr.sys
09:55:59.0328 2144 timounter - ok
09:55:59.0375 2144 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:55:59.0375 2144 TosIde - ok
09:55:59.0406 2144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:55:59.0406 2144 Udfs - ok
09:55:59.0421 2144 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:55:59.0421 2144 ultra - ok
09:55:59.0484 2144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:55:59.0484 2144 Update - ok
09:55:59.0546 2144 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:55:59.0546 2144 USBAAPL - ok
09:55:59.0593 2144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:55:59.0593 2144 usbccgp - ok
09:55:59.0609 2144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:55:59.0609 2144 usbehci - ok
09:55:59.0640 2144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:55:59.0640 2144 usbhub - ok
09:55:59.0656 2144 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:55:59.0656 2144 usbohci - ok
09:55:59.0718 2144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:55:59.0718 2144 usbprint - ok
09:55:59.0781 2144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:55:59.0781 2144 usbscan - ok
09:55:59.0828 2144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:55:59.0828 2144 USBSTOR - ok
09:55:59.0859 2144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:55:59.0859 2144 usbuhci - ok
09:55:59.0875 2144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:55:59.0875 2144 VgaSave - ok
09:55:59.0921 2144 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:55:59.0921 2144 viaagp - ok
09:56:00.0046 2144 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:56:00.0046 2144 ViaIde - ok
09:56:00.0109 2144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:56:00.0109 2144 VolSnap - ok
09:56:00.0140 2144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:56:00.0140 2144 Wanarp - ok
09:56:00.0156 2144 wanatw - ok
09:56:00.0203 2144 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:56:00.0203 2144 Wdf01000 - ok
09:56:00.0218 2144 WDICA - ok
09:56:00.0234 2144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:56:00.0250 2144 wdmaud - ok
09:56:00.0312 2144 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
09:56:00.0312 2144 WinUSB - ok
09:56:00.0375 2144 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
09:56:00.0375 2144 WpdUsb - ok
09:56:00.0437 2144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:56:00.0437 2144 WudfPf - ok
09:56:00.0484 2144 MBR (0x1B8) (489c86defbf26ed7e9e984bcaab1d64c) \Device\Harddisk0\DR0
09:56:00.0609 2144 \Device\Harddisk0\DR0 - ok
09:56:00.0609 2144 Boot (0x1200) (bc97b5de5f53a066dde0557bc5576dc3) \Device\Harddisk0\DR0\Partition0
09:56:00.0609 2144 \Device\Harddisk0\DR0\Partition0 - ok
09:56:00.0625 2144 ============================================================
09:56:00.0625 2144 Scan finished
09:56:00.0625 2144 ============================================================
09:56:00.0625 2160 Detected object count: 0
09:56:00.0625 2160 Actual detected object count: 0
09:56:44.0656 3096 Deinitialize success


aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-30 09:57:48
-----------------------------
09:57:48.203 OS Version: Windows 5.1.2600 Service Pack 3
09:57:48.203 Number of processors: 1 586 0x4F02
09:57:48.203 ComputerName: ***Name Removed for Privacy*** UserName: ***Name Removed for Privacy***
09:57:48.468 Initialize success
09:59:03.140 AVAST engine defs: 11103000
10:03:25.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:03:25.812 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
10:03:27.828 Disk 0 MBR read successfully
10:03:27.828 Disk 0 MBR scan
10:03:27.859 Disk 0 unknown MBR code
10:03:27.859 Disk 0 scanning sectors +103330080
10:03:27.953 Disk 0 scanning C:\WINDOWS\system32\drivers
10:03:42.234 Service scanning
10:03:43.296 Modules scanning
10:03:46.984 Disk 0 trace - called modules:
10:03:47.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:03:47.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b06fab8]
10:03:47.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8b17af18]
10:03:47.000 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b09b940]
10:03:47.390 AVAST engine scan C:\WINDOWS
10:04:00.359 AVAST engine scan C:\WINDOWS\system32
10:06:32.812 AVAST engine scan C:\WINDOWS\system32\drivers
10:06:50.968 AVAST engine scan C:\Documents and Settings\***Name Removed for Privacy***
10:13:18.093 AVAST engine scan C:\Documents and Settings\All Users
10:19:41.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\***Name Removed for Privacy***\Desktop\MBR.dat"
10:19:41.937 The log file has been saved successfully to "C:\Documents and Settings\***Name Removed for Privacy***\Desktop\aswMBR.txt"


Mbytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8047

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/30/2011 10:31:35 AM
mbam-log-2011-10-30 (10-31-35).txt

Scan type: Quick scan
Objects scanned: 201556
Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
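Added example for anyone triaging a TDSSKiller-style log like the one posted above (this is editorial illustration, not part of the original thread and not code from TDSSKiller, aswMBR, Malwarebytes or OTL). It folds each object's hash line and status line into one record, then flags entries whose status is not "ok", drivers loaded from outside the system driver directories, files whose MD5 differs from a reference copy of the same name, and, as a deliberately weak signal, service names that do not match the file name. The Beep, msvad_simple, pcwe and MBR sample lines are copied from the posted log; the Tcpip hash, the whole exdrv object and the reference-hash table are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# TDSSKiller prints each scanned object twice: a hash line, then a status line, e.g.
#   09:55:52.0062 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
#   09:55:52.0062 2144 Beep - ok
HASH_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
STATUS_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$"
)
# Where kernel drivers normally live on a default Windows XP install.
SYSTEM_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass
class Entry:
    name: str                     # service name as TDSSKiller prints it
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None  # text after " - ", normally "ok"
    findings: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold hash lines and status lines into one Entry per object name."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).status = m["status"]
    return entries


def triage(entries: Dict[str, Entry], reference_md5: Dict[str, str]) -> List[Entry]:
    """Attach review reasons to suspicious entries and return those entries.
    reference_md5 maps a lower-case file name to the MD5 of a known-clean copy."""
    flagged: List[Entry] = []
    for e in entries.values():
        e.findings = []
        if e.status is not None and e.status.lower() != "ok":
            e.findings.append(f"scanner status: {e.status}")
        # MBR/boot objects carry \Device\... paths, not file paths: skip the file checks.
        if e.path and not e.path.startswith("\\Device\\"):
            low = e.path.lower()
            base = low.rsplit("\\", 1)[-1]
            if not low.startswith(SYSTEM_DRIVER_DIRS):
                e.findings.append("driver loaded from outside the system driver directories")
            if e.md5 and base in reference_md5 and reference_md5[base] != e.md5:
                e.findings.append("MD5 differs from the reference copy of the same file name")
            if base.rsplit(".", 1)[0] != e.name.lower():
                e.findings.append(f"service name '{e.name}' does not match file name '{base}' "
                                  "(weak signal: many legitimate vendors do this)")
        if e.findings:
            flagged.append(e)
    return flagged


# Constructed sample in the posted log's format. The Beep, msvad_simple, pcwe and MBR
# lines are copied from the thread; the Tcpip hash and the whole 'exdrv' object are
# invented to exercise the checks.
SAMPLE_LOG = """\
09:55:52.0062 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\\WINDOWS\\system32\\drivers\\Beep.sys
09:55:52.0062 2144 Beep - ok
09:55:55.0156 2144 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\\WINDOWS\\system32\\drivers\\povrtdev.sys
09:55:55.0156 2144 msvad_simple - ok
09:55:56.0375 2144 pcwe (a1fc99286393b15d6938b8baf11e08a5) C:\\Program Files\\PC Wizard 2006\\pcw86-32.sys
09:55:56.0375 2144 pcwe - ok
09:55:58.0843 2144 Tcpip (ffffffffffffffffffffffffffffffff) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
09:55:58.0859 2144 Tcpip - ok
09:55:59.0001 2144 exdrv (0123456789abcdef0123456789abcdef) C:\\WINDOWS\\system32\\drivers\\exdrv.sys
09:55:59.0001 2144 exdrv - detected (constructed status text)
09:56:00.0484 2144 MBR (0x1B8) (489c86defbf26ed7e9e984bcaab1d64c) \\Device\\Harddisk0\\DR0
09:56:00.0609 2144 \\Device\\Harddisk0\\DR0 - ok
"""

# Reference hashes should come from a known-clean machine at the same service-pack and
# hotfix level. Assumption for this self-contained example: the Beep.sys and tcpip.sys
# values printed in the posted log are intact copies.
REFERENCE_MD5 = {
    "beep.sys": "da1f27d85e0d1525f6621372e7b685e9",
    "tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
}

if __name__ == "__main__":
    for entry in triage(parse_tdsskiller(SAMPLE_LOG), REFERENCE_MD5):
        print(f"{entry.name}: {entry.path or '-'}")
        for reason in entry.findings:
            print("    -", reason)
```

The flags are triage candidates, not verdicts. In this very thread the msvad_simple/povrtdev.sys name mismatch is explained by the OTL driver listing, which attributes that file to MediaMall Technologies, and PC Wizard legitimately loads its helper driver from its own Program Files folder. The hash comparison is only as good as the reference set, which has to come from a clean machine at the same patch level, never from the suspect machine itself.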

#9 dolsson (Topic Starter, Member, 17 posts)
Here is the log from the second run of OTL. Posting this log is the last item on your instructions to me. I await further instructions. (I see some ask.com items in Firefox that I know don't belong there, but the rest is Greek to me...) :)

OTL logfile created on: 10/30/2011 10:46:44 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\***Name Removed for Privacy***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 83.27% Memory free
4.68 Gb Paging File | 4.32 Gb Available in Paging File | 92.31% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.04 Gb Total Space | 7.48 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive D: | 577.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ***Name Removed for Privacy*** | User Name: ***Name Removed for Privacy*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 09:14:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2011/10/29 14:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\OTL.exe
PRC - [2011/10/29 14:09:47 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2011/10/29 14:06:23 | 000,136,656 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2011/08/08 18:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/07/21 07:29:34 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/17 14:33:42 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/01 20:52:40 | 005,546,376 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/12/06 05:56:42 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/06 05:56:38 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/11/16 04:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 11:42:26 | 001,566,160 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveETray.exe
PRC - [2008/03/26 16:57:12 | 000,038,352 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveEBackground.exe
PRC - [2007/11/29 16:50:50 | 000,050,744 | ---- | M] ( Pro Softnet Corporation) -- C:\Program Files\IDrive\ClsIdle.exe
PRC - [2006/08/15 07:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () -- C:\WINDOWS\system32\TSSchBkpService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 09:14:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2007/05/23 18:19:16 | 000,069,632 | ---- | M] () -- C:\Program Files\IDrive\GetMailPaths.dll
MOD - [2006/12/11 13:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006/12/03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/10/22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () -- C:\WINDOWS\system32\TSSchBkpService.exe
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (AdobeActiveFileMonitor)
SRV - [2011/10/30 09:14:46 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2011/10/29 14:09:47 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2011/10/29 14:06:23 | 000,136,656 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2011/02/17 14:33:42 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 05:56:38 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/09 11:02:36 | 000,153,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IDrive\IDrivePlugin.exe -- (IDrivePlugin)
SRV - [2007/12/12 22:03:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TSSchBkpService.exe -- (TSScheduleBackup)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 15:01:50 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2011/02/17 14:33:53 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/02/17 14:33:36 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011/02/17 14:33:33 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/12/23 13:30:01 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/10/07 16:28:50 | 000,017,544 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc1.sys -- (RkPavproc1)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/18 15:54:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/15 07:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 11:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/19 02:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/11 10:02:12 | 000,006,784 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC Wizard 2006\pcw86-32.sys -- (pcwe)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/09/10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.049
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2011/10/29 14:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2011/09/29 12:27:24 | 000,000,000 | ---D | M]

[2009/06/12 12:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Mozilla\Extensions
[2011/10/06 10:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions
[2010/04/12 09:16:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 11:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/24 14:57:55 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\[email protected]
[2011/05/24 09:49:13 | 000,002,468 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\searchplugins\safesearch.xml
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***Name Removed for Privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***Name Removed for Privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***Name Removed for Privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\***Name Removed for Privacy***\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75X2MOCA.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/10/30 09:16:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\***Name Removed for Privacy***\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = File not found
O4 - Startup: C:\Documents and Settings\***Name Removed for Privacy***\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\***Name Removed for Privacy***\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\***Name Removed for Privacy***\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (Endicosoft.com)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: valic.com ([www3] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.h...llMgr_v01_5.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1168112709250 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1168112702734 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://optionsxpres...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: PLLiveUpWeb http://support.pclaw...PLLiveUpWeb.CAB (Reg Error: Key error.)
O16 - DPF: PLLiveUpWeb2 http://support.pclaw...LLiveUpWeb2.cab (Reg Error: Key error.)
O16 - DPF: PLUpdate http://www.pclaw.com/PLUpdate.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7D3A1B-60EF-41D2-9A5B-B3FC4064334E}: DhcpNameServer = 68.87.69.150 68.87.85.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\***Name Removed for Privacy***\My Documents\My Pictures\BC Doin Nothing Background copy.gif
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***Name Removed for Privacy***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 13:29:12 | 001,070,488 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/04 10:38:36 | 000,000,167 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (a)
O34 - HKLM BootExecute: (u)
O34 - HKLM BootExecute: (t)
O34 - HKLM BootExecute: (o)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (h)
O34 - HKLM BootExecute: (k)
O34 - HKLM BootExecute: (*)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 10:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/30 10:20:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/30 09:29:33 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/30 09:28:01 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\aswMBR.exe
[2011/10/30 09:27:41 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\tdsskiller.exe
[2011/10/30 08:52:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/30 08:52:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/30 08:52:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/30 08:52:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/30 07:00:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/30 07:00:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\***Name Removed for Privacy***\Start Menu\Programs\Administrative Tools
[2011/10/30 07:00:00 | 004,278,480 | R--- | C] (Swearware) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\ComboFix.exe
[2011/10/30 03:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/10/29 17:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\RootkitRevealer
[2011/10/29 16:22:15 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[2011/10/29 16:16:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/10/29 13:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\OptiCut_Bar_Pro_v5_03_keygen_by_ENGiNE
[2011/10/29 12:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Boole & Partners
[2011/10/29 12:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Boole & Partners
[2011/10/29 12:39:15 | 002,629,632 | ---- | C] (Boole & Partners) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\installopticoupe.exe
[2011/10/29 12:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nirvana
[2011/10/29 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Nirvana
[2011/10/29 12:32:15 | 021,237,064 | ---- | C] (Nirvana Technologies Pvt. Ltd. ) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\plus2d_dp_wood.exe
[2011/10/29 12:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SL2010
[2011/10/29 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\SL2010
[2011/10/29 12:20:51 | 004,985,822 | ---- | C] (Productivity Systems LLC) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\SheetLayout2010-Setup_4.exe
[2011/10/29 12:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\CUTLIST
[2011/10/27 09:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***Name Removed for Privacy***\My Documents\TC2000
[2007/04/11 18:42:01 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 10:19:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\MBR.dat
[2011/10/30 09:30:17 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
[2011/10/30 09:30:12 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/30 09:30:12 | 000,013,722 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/30 09:30:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/30 09:30:01 | 3689,402,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 09:29:36 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/30 09:28:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\aswMBR.exe
[2011/10/30 09:27:44 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\tdsskiller.exe
[2011/10/30 09:16:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/30 07:32:40 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\Norton_Removal_Tool.exe
[2011/10/30 06:54:20 | 004,278,480 | R--- | M] (Swearware) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\ComboFix.exe
[2011/10/29 17:54:54 | 000,231,390 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\RootkitRevealer.zip
[2011/10/29 14:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\OTL.exe
[2011/10/29 12:39:24 | 002,629,632 | ---- | M] (Boole & Partners) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\installopticoupe.exe
[2011/10/29 12:36:03 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PLUS 2D.lnk
[2011/10/29 12:32:47 | 021,237,064 | ---- | M] (Nirvana Technologies Pvt. Ltd. ) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\plus2d_dp_wood.exe
[2011/10/29 12:20:52 | 004,985,822 | ---- | M] (Productivity Systems LLC) -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\SheetLayout2010-Setup_4.exe
[2011/10/29 12:16:28 | 000,300,376 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\CUTLIST.zip
[2011/10/27 09:22:10 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\TC2000.lnk
[2011/10/27 09:12:23 | 000,000,467 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/27 07:34:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
[2011/10/25 16:23:31 | 000,000,247 | ---- | M] () -- C:\WINDOWS\PLREMOTE.INI
[2011/10/25 14:26:42 | 000,006,089 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\PrimoPDFSet.xml
[2011/10/25 14:26:07 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\APUSet.xml
[2011/10/17 08:53:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/17 08:49:21 | 000,515,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/17 08:49:21 | 000,094,922 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/17 08:38:23 | 000,195,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/15 07:34:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/30 10:19:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\MBR.dat
[2011/10/30 08:52:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/30 08:52:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/30 08:52:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/30 08:52:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/30 08:52:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/30 07:32:38 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\Norton_Removal_Tool.exe
[2011/10/29 17:54:53 | 000,231,390 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\RootkitRevealer.zip
[2011/10/29 12:36:02 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PLUS 2D.lnk
[2011/10/29 12:16:26 | 000,300,376 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\CUTLIST.zip
[2011/10/27 09:22:10 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Start Menu\Programs\TC2000.lnk
[2011/10/27 09:22:10 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Desktop\TC2000.lnk
[2011/08/30 08:49:05 | 000,469,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/18 15:28:04 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 15:22:40 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/22 08:40:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2011/01/13 15:40:45 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/13 15:40:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/18 10:13:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/08/31 16:27:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/14 10:55:29 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Local Settings\Application Data\housecall.guid.cache
[2009/09/06 14:27:57 | 000,025,842 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Comma Separated Values (Windows).ADR
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/08 15:13:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/05/20 16:26:42 | 000,000,467 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/20 16:26:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/20 16:25:58 | 000,000,395 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/05/20 16:25:58 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/05/20 16:25:58 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd9440cn.dat
[2009/05/20 16:21:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/05/20 16:21:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/05/20 16:21:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2009/05/20 16:21:14 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/05/20 16:21:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/05/20 16:12:01 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/02 07:47:00 | 000,022,300 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Tab Separated Values (DOS).ADR
[2009/04/02 07:43:37 | 000,022,304 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Tab Separated Values (Windows).ADR
[2009/04/01 09:47:49 | 000,683,801 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\unins000.exe
[2009/04/01 09:47:49 | 000,011,615 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\unins000.dat
[2008/05/30 10:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\the.ini
[2008/04/21 12:49:06 | 000,006,089 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\PrimoPDFSet.xml
[2008/04/21 12:49:06 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\APUSet.xml
[2008/04/15 14:17:56 | 000,000,611 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/01/25 13:32:39 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/01/09 16:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/01/08 19:47:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2007/12/12 22:15:28 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/10/12 10:30:29 | 000,009,368 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Comma Separated Values (Windows).EML
[2007/10/07 13:19:36 | 000,034,368 | ---- | C] () -- C:\Program Files\MCj04244600000[1].wmf
[2007/10/07 13:17:47 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/13 17:14:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/09/13 17:11:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/09/13 17:11:17 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/06/28 15:39:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/19 13:17:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\PLACE32.INI
[2007/04/16 20:06:21 | 000,000,247 | ---- | C] () -- C:\WINDOWS\PLREMOTE.INI
[2007/04/13 12:07:03 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/11 18:42:25 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2007/04/11 18:42:16 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2007/04/11 18:42:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\u25store.dll
[2007/04/11 18:42:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\xhbcommdll.dll
[2007/04/11 18:41:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2007/04/11 18:41:59 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\gteinet.dll
[2007/04/11 18:41:58 | 001,283,072 | ---- | C] () -- C:\WINDOWS\System32\AbacusDB.dll
[2007/04/11 18:41:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\crheapalloc.dll
[2007/04/10 09:34:25 | 000,005,299 | ---- | C] () -- C:\WINDOWS\STI.INI
[2007/04/10 09:25:54 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2007/04/06 11:28:32 | 000,000,577 | ---- | C] () -- C:\WINDOWS\TIMESLIP.INI
[2007/04/06 11:28:13 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\tutil32.dll
[2007/04/06 11:28:09 | 000,705,024 | ---- | C] () -- C:\WINDOWS\System32\TSSchBkpService.exe
[2007/04/04 21:16:58 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\regd4e27win83.dll
[2007/01/23 12:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/12 19:21:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2007/01/12 19:21:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2007/01/07 08:39:02 | 000,068,478 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2007/01/07 08:39:02 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2007/01/05 14:39:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 11:43:54 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/06 15:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 13:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/07 07:32:32 | 000,001,487 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/06 18:42:07 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/10/06 18:42:07 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/10/06 18:27:26 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/06 18:27:26 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D2178F15B2.sys
[2006/10/04 16:08:46 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\dvd.bmk
[2006/10/04 16:02:54 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\***Name Removed for Privacy***\Local Settings\Application Data\fusioncache.dat
[2006/09/21 19:47:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/21 19:40:42 | 000,004,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/21 19:38:07 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/21 19:35:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/21 19:33:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/21 19:10:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/21 19:10:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,195,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:28 | 000,515,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,094,922 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2000/11/29 09:50:40 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/02/17 15:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/08/31 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/10/29 14:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boole & Partners
[2010/08/30 11:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/30 10:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chief Architect Premier X3 Trial Version
[2010/08/08 14:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/25 15:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/06/27 09:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2006/10/25 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/01/03 16:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeCalendar
[2007/09/13 17:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/26 12:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/06 14:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/09/28 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/04 20:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/04/06 10:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/11/13 17:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/02/17 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\901E3336-F096-4695-B1E6-D3F75A56F550
[2010/08/24 09:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Acronis
[2010/08/30 11:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Canneverbe Limited
[2010/09/30 10:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Chief Architect Premier X3 Trial Version
[2010/07/07 16:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/12/23 13:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\DED1CE67-C6F1-4A20-98E5-7E0BB6A4FF6E
[2011/04/22 08:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\FTW
[2010/07/25 09:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\GameRanger
[2010/09/30 09:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\GetRightToGo
[2007/06/05 12:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Leadertech
[2010/11/23 06:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\MAPILab Ltd
[2011/08/29 16:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\officedrop
[2006/11/16 13:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Opera
[2009/05/20 17:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\PC-FAX TX
[2007/09/13 17:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\pdf995
[2009/05/20 16:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\ScanSoft
[2011/08/24 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Spotify
[2007/09/22 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Viewpoint
[2010/07/06 21:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\VirtualStore
[2006/10/04 20:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\WildTangent
[2007/04/06 16:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***Name Removed for Privacy***\Application Data\Zeon

========== Purity Check ==========



< End of report >

#10
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
After you do the OTL:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
AdobeActiveFileMonitor
DarkSpy
f6cB5

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=-
******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Are you able to get online now? If so, you can reinstall Norton if you decide to keep it. An alternative is the free Avast:

Replace with the free Avast!
http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed (register when it asks you - they will try to talk you into buying the full product, but the free version is what we want) and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?

See if you can find aswboot.txt in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\
I think that's where they hide the log file in XP.

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball, then on Settings. Then on Sounds, and uncheck Automatic Updates, OK. (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.

You will probably need to uninstall and then reinstall your HP printer.

Ron
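The log Ron asks for above gets read by hand in this thread. As an added example (mine, not code from ComboFix, OTL, or anyone in this thread), here is a Python helper that parses the autostart sections ComboFix prints (the Run keys, the startup-folder .lnk lines, and the R0/S3 service lines) and flags the entries an analyst looks at first: targets ComboFix could not find ([N/A]), programs launched from user-writable locations, and boot-start drivers, which load before most defences. The sample log lines it runs on are constructed, modelled on the ones posted in this thread with the user name replaced by USER; the "user-writable" path markers and the flagging rules are my own heuristics, not ComboFix's.

```python
"""Triage helper for the autostart sections of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on ComboFix log lines posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Updater"="c:\documents and settings\USER\Application Data\upd\svc.exe" [2011-10-28 51200]
.
c:\documents and settings\USER\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2011 4:16 PM 28552]
S3 pcwe;pcwe;c:\program files\PC Wizard 2006\pcw86-32.sys [1/9/2007 3:54 PM 6784]
"""

# Line shapes ComboFix uses for Run values, startup-folder links and services.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<info>[^\]]+)\]')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<info>[^\]]+)\]')
SVC_RE = re.compile(r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?) \[(?P<info>[^\]]+)\]')

# Heuristic (my assumption): locations a non-admin user can write to, where
# installers rarely put autostart binaries but droppers often do.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    kind: str           # "run", "startup" or "service"
    name: str
    path: str
    info: str           # "date size" text, or "N/A" when ComboFix found no file
    start: str = ""     # service start type (R0..S4) for service entries
    reasons: list = field(default_factory=list)


def parse_autostarts(text):
    """Return every Run value, startup link and service line as an Entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["info"]))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Entry("startup", m["name"], m["path"], m["info"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], m["info"], m["start"]))
    return entries


def triage(text):
    """Return only the entries that deserve a second look, with the reasons."""
    flagged = []
    for e in parse_autostarts(text):
        if e.info == "N/A":
            e.reasons.append("target file missing: orphaned or already-removed autostart")
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            e.reasons.append("runs from a user-writable location")
        if e.start == "R0":
            e.reasons.append("boot-start driver: loads before most defences, confirm publisher")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.kind}] {e.name} -> {e.path}")
        for reason in e.reasons:
            print(f"    - {reason}")
```

On the constructed sample this flags three entries: the Run value launched from Application Data, the Comcast startup link whose target ComboFix reported as [N/A], and the R0 boot driver. None of those is proof of infection (pavboot.sys here belongs to a rootkit scanner the poster ran); the point is to shorten the list a human has to check, not to decide for them.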

#11
dolsson

    Member

  • Topic Starter
  • Member
  • 17 posts
I am acting on your last post, but in the meantime, I want to mention that I have no HP printer and would love to get rid of all HP drivers and the like. I specifically avoided repurchasing HP because of the bloatware from last time. I don't want to get off topic too much, but if you know of a good HP driver removal tool I'd love to use it after things get settled otherwise.

#12
dolsson

    Member

  • Topic Starter
  • Member
  • 17 posts
I am back online now. Here is the new ComboFix log. I will be reinstalling Norton Security Suite next and awaiting any further instructions.

Thanks,
D


ComboFix 11-10-30.03 - ***Name Removed for Privacy*** 10/30/2011 12:11:33.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3518.2768 [GMT -7:00]
Running from: c:\documents and settings\***Name Removed for Privacy***\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\***Name Removed for Privacy***\Desktop\CFSCript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ADOBEACTIVEFILEMONITOR
-------\Legacy_DARKSPY
-------\Legacy_F6CB5
-------\Service_AdobeActiveFileMonitor
-------\Service_DarkSpy
-------\Service_f6cB5
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 17:20 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 15:55 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-10-30 15:55 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-29 23:22 . 2009-10-07 23:28 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2011-10-29 23:16 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-10-29 19:42 . 2011-10-29 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Boole & Partners
2011-10-29 19:42 . 2011-10-29 19:42 -------- d-----w- c:\program files\Boole & Partners
2011-10-29 19:35 . 2011-10-29 19:35 -------- d-----w- c:\program files\Nirvana
2011-10-29 19:22 . 2011-10-29 19:22 -------- d-----w- c:\program files\SL2010
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 21:09 . 2006-10-22 20:22 159810 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-17 15:41 . 2011-07-14 16:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-08-27 . F232BA9F39BC0F722672C7E79E68EBEA . 634648 . . [7.00.6000.16915] . . c:\windows\ie8\iexplore.exe
[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2007-08-14 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_16.17.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-30 20:45 . 2011-10-30 20:45 16384 c:\windows\temp\Perflib_Perfdata_7ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2008-03-26 189904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-08-15 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="c:\windows\system32\nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-02 5546376]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 390728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-03 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-21 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\***Name Removed for Privacy***\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-4-15 79312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\***Name Removed for Privacy***\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS2\\InDesign.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2011 4:16 PM 28552]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [12/23/2010 1:30 PM 752128]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/31/2009 10:32 AM 3246040]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [4/15/2008 9:35 AM 136656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/30/2011 10:20 AM 366152]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\system32\TSSchBkpService.exe [4/6/2007 11:28 AM 705024]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/31/2009 10:32 AM 167968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/30/2011 10:20 AM 22216]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [8/26/2011 12:49 PM 103424]
S2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDrivePlugin.exe [4/15/2008 9:35 AM 153040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 pcwe;pcwe;c:\program files\PC Wizard 2006\pcw86-32.sys [1/9/2007 3:54 PM 6784]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [10/29/2011 4:22 PM 17544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1976711761-373712229-1087412766-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: {{91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\progra~1\LEXISN~1\PClaw\plietool.dll
IE: {{9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\progra~1\LEXISN~1\PClaw\plietool.dll
Trusted Zone: valic.com\www3
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
DPF: PLLiveUpWeb2 - hxxp://support.pclaw.com/PLLiveUpWeb2.cab
DPF: PLUpdate - hxxp://www.pclaw.com/PLUpdate.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\***Name Removed for Privacy***\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-59393]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-593980]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-593981b]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-5939820]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-5939825]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-797]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\CommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\ControlBars-Summary]
"Bars"=dword:00000000
"ScreenCX"=dword:00000500
"ScreenCY"=dword:00000400
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\ControlBarVersion]
"Major"=dword:00000009
"Minor"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\DockingManager-2]
"DockingPaneAndPaneDividers"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Keyboard-0]
"Accelerators"=hex:0b,00,43,00,22,e1,0b,00,4e,00,00,e1,0b,00,4f,00,01,e1,0b,00,
50,00,07,e1,0f,00,50,00,09,e1,0b,00,52,00,a8,5a,0b,00,53,00,03,e1,0b,00,56,\
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-593980]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,03,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:03,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-593981b]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,07,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:07,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-5939820]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,07,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:07,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-5939825]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,07,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:07,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-797]
"Name"=""
"Buttons"=hex:00,10,00,00,01,00,00,00,00,00,00,00,00,00,00,ff,7f,00,00
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000000
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"CommandsUsage"=hex:06,00,00,00,03,00,11,64,00,00,04,00,00,00,03,e1,00,00,01,
00,00,00,01,e1,00,00,01,00,00,00
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-59393]
"ID"=dword:00000000
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,8a,02,00,00,b8,03,00,00,a0,02,00,00
"RecentFrameAlignment"=dword:00001000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-593980]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,1c,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-593981b]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,1c,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-5939820]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,1c,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-5939825]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,1c,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-797]
"ID"=dword:0000031d
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,60,00,00,00,19,00,00,00,55,02,00,00
"RecentFrameAlignment"=dword:00001000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\WindowPlacement]
"MainWindowRect"=hex:a2,00,00,00,d2,00,00,00,62,04,00,00,9a,03,00,00
"Flags"=dword:00000000
"ShowCmd"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\IDrive\IDriveEView.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\IDrive\ClsIdle.exe
c:\program files\IDrive\IDriveETray.exe
c:\program files\IDrive\IDriveEBackground.exe
.
**************************************************************************
.
Completion time: 2011-10-30 13:54:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 20:54
ComboFix2.txt 2011-10-30 16:23
ComboFix3.txt 2010-09-23 21:08
.
Pre-Run: 7,993,724,928 bytes free
Post-Run: 8,068,116,480 bytes free
.
- - End Of File - - 24C4C9C0FCD025CB71152A20E2949E97

#13 dolsson (Member, Topic Starter, 17 posts)

Norton asked for a reboot upon re-installation. On reboot, I got a message (during windows startup I think), that had some file path and then said "skipping autocheck." It disappeared before I could write down the file path. It seemed to take a while to reboot. Then I ran a quick scan with Norton. It identified trojan.katush.A!inf in the c:/program files/adobe/photoshop elements 3/photoshopelementsfileagent.exe file. It quarantined the file and says no further action is required.

I noticed a red flag in one of the earlier logs pointing to a file in Photoshop Elements as well. I'd rather uninstall that program than risk further action by this trojan. But perhaps I can take Norton at its word and do nothing?

I am going to rerun Norton's scan and perhaps run an online scan as well--ESET or something. Unless I hear from you that I should not, for some reason. I don't want to install AVAST because all our computers run the Norton Suite and I want that to be consistent. But an online scan should not create conflicts.

Ron, thanks again for your help and please inform me if you want additional action/information.

D

#14 RKinner (Malware Expert, MVP, 24,623 posts)

IF you haven't already:
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

The autocheck thing should have been removed with the last combofix.

Copy the next line:

reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /s > \junk.txt

Start, Run, cmd, OK then
right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.
Now type:

notepad \junk.txt

(space before the \. Copy and paste the text into a reply.)


Ron
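The key Ron is dumping is the one that holds BootExecute, the REG_MULTI_SZ naming what Session Manager runs before the rest of Windows starts. On XP its stock content is the single entry "autocheck autochk *"; a "skipping autocheck" message at boot means that autochk entry could not be run, so BootExecute is the first value to read in junk.txt, and PendingFileRenameOperations under the same key is worth listing because both cleanup tools and malware use it. The script below is an added example, not Ron's and not from this thread: it parses reg query /s output and grades each BootExecute entry. The sample output is constructed; the evil_example.exe entry and the pending rename in it are hypothetical, included only to show what tampering looks like.

```python
import re
from typing import Dict, List, Tuple

# Windows XP's stock value: the only thing Session Manager runs at boot is autochk.
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"

# Constructed sample of `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /s`
# output (XP layout, abbreviated). "evil_example.exe" and the pending rename are hypothetical,
# planted here purely to show how a tampered key reads; they are not from the poster's machine.
SAMPLE_REG_OUTPUT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute REG_MULTI_SZ    autocheck autochk *\0evil_example.exe\0
    CriticalSectionTimeout  REG_DWORD   0x278d00
    PendingFileRenameOperations REG_MULTI_SZ    \??\C:\WINDOWS\Temp\example.tmp\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    ClearPageFileAtShutdown REG_DWORD   0x0
"""

# One value line: indented name, REG_* type, then the data (names with spaces are not handled).
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Turn `reg query /s` output into {key_path: {value_name: (type, data)}}."""
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                name, vtype, data = m.groups()
                keys[current][name] = (vtype, data.strip())
    return keys


def split_multi_sz(data: str) -> List[str]:
    """reg.exe prints REG_MULTI_SZ with a literal \\0 between strings and one trailing."""
    return [s for s in data.split(r"\0") if s]


def classify_boot_execute(entries: List[str]) -> Dict[str, list]:
    """Grade each BootExecute entry: stock, a scheduled chkdsk, or something to look at."""
    result: Dict[str, list] = {"ok": [], "chkdsk_scheduled": [], "suspicious": []}
    for entry in entries:
        if entry == DEFAULT_BOOT_EXECUTE:
            result["ok"].append(entry)
        elif entry.startswith("autocheck autochk"):
            # e.g. "autocheck autochk /p \??\C:" is what `chkdsk /f` leaves behind for next boot
            result["chkdsk_scheduled"].append(entry)
        else:
            # Anything that is not autochk runs with SYSTEM rights before Winlogon: verify it.
            result["suspicious"].append(entry)
    return result


def audit_session_manager(text: str) -> Dict[str, object]:
    """Audit the Session Manager key from a reg query dump; flags a missing default too."""
    keys = parse_reg_query(text)
    sm = next((v for k, v in keys.items()
               if k.lower().endswith(r"\control\session manager")), {})
    boot = split_multi_sz(sm.get("BootExecute", ("", ""))[1])
    pending = split_multi_sz(sm.get("PendingFileRenameOperations", ("", ""))[1])
    verdict: Dict[str, object] = dict(classify_boot_execute(boot))
    verdict["default_missing"] = DEFAULT_BOOT_EXECUTE not in boot
    verdict["pending_renames"] = pending
    return verdict


if __name__ == "__main__":
    # Against a real machine: redirect `reg query ... /s` to a file and pass its text here.
    for field, value in audit_session_manager(SAMPLE_REG_OUTPUT).items():
        print(f"{field}: {value}")
```

On the sample this reports one ok entry, one suspicious entry (evil_example.exe) and one pending rename; a clean XP box gives a single ok entry, nothing suspicious, and an empty pending list unless an installer or cleanup tool has queued a delete for the next reboot.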

#15 dolsson (Member, Topic Starter, 17 posts)

Here is the ESET Log. It found some stuff, though maybe mostly in restore points and quarantines. I will post the BitDefender scan once it's done.

C:\Qoobox\Quarantine\C\Documents and Settings\***Name Removed for Privacy***\Local Settings\Application Data\2021572f\X.vir Win32/Sirefef.DD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\HPZipm12.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir Win32/Sirefef.DG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000025.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000032.sys Win32/Sirefef.DG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000076.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000077.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000780.exe Win32/Sirefef.DD trojan cleaned by deleting - quarantined
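The paths in this log fall into three buckets that mean different things. C:\Qoobox\Quarantine\ is ComboFix's quarantine, where each file is a copy of the original kept at its mirrored path with .vir appended, so those five were already disabled before ESET saw them. System Volume Information\_restore{...} is a System Restore snapshot, inert unless that restore point is used, and cleared by flushing restore points. Anything else is live and needs attention. The script below is an added example, not from the thread: it parses the ten lines above, sorts them into those buckets, recovers the original path of each quarantined copy, and tallies the families. The action phrases beyond the two seen in this log are assumptions about ESET's wording.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# The ten result lines from the ESET post above, privacy marker kept exactly as posted.
ESET_LOG = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\***Name Removed for Privacy***\Local Settings\Application Data\2021572f\X.vir Win32/Sirefef.DD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\HPZipm12.exe.vir Win32/Patched.HN trojan cleaned - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir Win32/Sirefef.DG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000025.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000032.sys Win32/Sirefef.DG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000076.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000077.exe Win32/Patched.HN trojan cleaned - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000780.exe Win32/Sirefef.DD trojan cleaned by deleting - quarantined
""".strip().splitlines()

# Action phrase at the end of a line. "cleaned" and "cleaned by deleting" appear in the log;
# the other two are assumed ESET wordings for failures, included so such lines still parse.
ACTION_RE = re.compile(
    r"\s+((?:cleaned(?: by deleting)?|deleted|unable to clean|error while cleaning)"
    r"(?: - quarantined)?)$")
# Detection name: optional "a variant of", then platform/family.variant, then type words.
THREAT_RE = re.compile(
    r"\s+((?:(?:probably )?a variant of )?[\w.-]+/[\w.-]+(?: [a-z]+)*)$")

COMBOFIX_Q = "c:\\qoobox\\quarantine\\c\\"   # ComboFix mirrors C:\ under this prefix


def parse_line(line: str) -> Optional[dict]:
    """Split one ESET result line into path / threat / action; None if it is not one."""
    a = ACTION_RE.search(line)
    if not a:
        return None
    rest = line[:a.start()]
    t = THREAT_RE.search(rest)
    if not t:
        return None
    return {"path": rest[:t.start()], "threat": t.group(1), "action": a.group(1)}


def locate(path: str) -> dict:
    """Say where the hit lives, and for ComboFix copies recover the path it was taken from."""
    low = path.lower()
    if low.startswith(COMBOFIX_Q):
        original = "C:\\" + path[len(COMBOFIX_Q):]
        if original.lower().endswith(".vir"):
            original = original[:-4]          # ComboFix appends .vir to quarantined copies
        return {"where": "combofix_quarantine", "original_path": original}
    if "\\system volume information\\_restore" in low:
        return {"where": "system_restore", "original_path": None}
    return {"where": "live", "original_path": path}


def triage(lines: List[str]) -> Dict[str, object]:
    """Parse every result line and summarise by location and malware family."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            parsed.update(locate(parsed["path"]))
            findings.append(parsed)
    by_where = Counter(f["where"] for f in findings)
    # "Win32/Sirefef.DD trojan" -> "Sirefef"; "a variant of Win32/Patched.HN trojan" -> "Patched"
    families = Counter(f["threat"].split("/")[1].split(".")[0] for f in findings)
    return {
        "findings": findings,
        "by_where": dict(by_where),
        "families": dict(families),
        "live": [f for f in findings if f["where"] == "live"],
    }


if __name__ == "__main__":
    summary = triage(ESET_LOG)
    print("by location:", summary["by_where"])
    print("families:", summary["families"])
    for f in summary["live"]:
        print("LIVE:", f["path"], f["threat"], f["action"])
```

For this log the result is five ComboFix copies, five restore-point copies, no live files, and a split of six Sirefef to four Patched. The "cleaned - quarantined" action on the Patched.HN hits is ESET repairing an infected copy of a legitimate executable rather than deleting it, which is why those four originals (two of them system files) are the ones to confirm are intact on the live disk.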