Possible host hijacker! OTL log posted.

#1
Jim45

    Member

  • 234 posts
My research tells me I might have got what is known as host hijacker, and I think I got rid of it, but I'm not sure. My knowledge is extremely limited with this. Here is my OTL log, if someone could see if anything looks odd. I'm in between antivirus programs at the moment, and that may be how it occurred. When OTL was finished scanning it put the logfile on my desktop, and there was also a database file called "Thumbs" which I can't open. After a bit, it just went away. Never seen that before. Thanks in advance!


OTL logfile created on: 11/20/2011 02:07:14 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jim Lundquist\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 598.33 Mb Available Physical Memory | 58.47% Memory free
2.41 Gb Paging File | 2.05 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 18.09 Gb Free Space | 48.56% Space Free | Partition Type: NTFS

Computer Name: JIM | User Name: Jim Lundquist | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 01:04:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Lundquist\Desktop\OTL.exe
PRC - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 14:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2010/05/24 11:33:00 | 003,822,592 | ---- | M] () -- C:\WINDOWS\system32\ffdshow.ax
MOD - [2010/05/19 12:55:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/11 13:19:04 | 000,797,184 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.ax
MOD - [2009/01/10 14:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2008/04/13 16:12:03 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Symantec Core LC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/07/27 01:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 01:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/02/11 00:37:39 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/08/25 21:42:40 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/10/11 11:28:18 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/02/28 01:50:00 | 000,068,190 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/02/28 01:50:00 | 000,051,214 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2002/02/28 01:50:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/17 05:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 04:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 04:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 04:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 04:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/05/14 17:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 18:11:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 06:03:01 | 000,000,000 | ---D | M]

[2008/11/26 15:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla\Extensions
[2005/01/08 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla\Firefox\Profiles\438318sa.default\extensions
[2005/01/08 22:52:07 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla\Firefox\Profiles\438318sa.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/11 23:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla\Firefox\Profiles\e029mqmu.default\extensions
[2010/09/17 13:31:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla\Firefox\Profiles\e029mqmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 22:56:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla\Firefox\Profiles\e029mqmu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/11 23:12:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jim Lundquist\Application Data\Mozilla\Firefox\Profiles\e029mqmu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/07 11:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/11 18:11:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/18 19:45:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/11 18:11:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 18:11:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/20 02:28:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [P2kAutostart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108775
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108775
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1093415681217 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative....101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} http://www.creative....ClientNoMFC.cab (Creative Product Registration ActiveX Control Module)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?322 (QDiagHUpdateObj Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{866B4473-554A-423C-9CDA-751CB3F3A5D5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{866B4473-554A-423C-9CDA-751CB3F3A5D5}: NameServer = 68.94.156.1,206.13.28.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim Lundquist\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim Lundquist\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/24 19:15:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 01:54:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/20 01:04:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim Lundquist\Desktop\OTL.exe
[2011/11/20 00:28:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim Lundquist\Recent
[2011/11/19 00:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Musicmatch
[2011/11/19 00:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/11/18 22:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/18 22:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/11/18 21:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/11/18 11:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/11 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab 8 Qt
[2011/11/11 18:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8 Qt
[2011/11/11 18:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Lundquist\My Documents\DVDFab
[2011/11/05 09:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2011/11/03 19:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Lundquist\dwhelper
[2011/11/02 17:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Lundquist\Local Settings\Application Data\Deployment
[2008/06/11 22:10:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jim Lundquist\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/20 13:31:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/20 10:47:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2011/11/20 10:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/20 10:37:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/20 10:37:29 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 07:38:17 | 1560,460,726 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\UFC.139.Shogun.vs.Henderson.19th.Nov.2011.HDTV.x264-Sir.Paul.AVI
[2011/11/20 02:28:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/20 01:04:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Lundquist\Desktop\OTL.exe
[2011/11/19 23:33:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/17 18:24:36 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Shortcut to Microsoft Word.lnk
[2011/11/17 15:59:26 | 000,038,458 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\eset.jpg
[2011/11/15 20:21:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/14 21:42:56 | 000,077,361 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\AT&T bill.jpg
[2011/11/11 18:50:25 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\DVDFab 8 Qt.lnk
[2011/11/06 09:53:50 | 000,433,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 09:53:50 | 000,067,798 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 15:52:15 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\default.pls
[2011/11/05 00:34:33 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jim Lundquist\Desktop\procexp.exe
[2011/11/05 00:34:33 | 000,072,268 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\procexp.chm
[2011/11/03 11:58:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/03 11:42:12 | 000,077,953 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\My Documents\bookmark.htm
[2011/11/02 18:16:07 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Mozilla Firefox.lnk
[2011/10/22 19:14:20 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Japantown San Francisco Parking Rates.url

========== Files Created - No Company Name ==========

[2011/11/20 02:35:56 | 1560,460,726 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\UFC.139.Shogun.vs.Henderson.19th.Nov.2011.HDTV.x264-Sir.Paul.AVI
[2011/11/18 18:15:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\Microsoft\Internet Explorer\Quick Launch\Recycle Bin.lnk
[2011/11/15 20:21:53 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/12 15:06:11 | 000,038,458 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\eset.jpg
[2011/11/11 18:50:25 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\DVDFab 8 Qt.lnk
[2011/11/03 11:58:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/03 11:42:08 | 000,077,953 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\My Documents\bookmark.htm
[2011/11/02 18:16:07 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Mozilla Firefox.lnk
[2011/10/22 19:14:20 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Desktop\Japantown San Francisco Parking Rates.url
[2011/06/25 01:36:16 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/06/25 01:15:50 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 01:15:50 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 01:15:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 01:15:09 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/25 01:05:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 01:05:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/09/11 21:11:59 | 000,001,844 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2010/09/11 21:11:55 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2010/09/11 21:11:40 | 000,001,206 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2010/09/11 21:11:38 | 000,003,008 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2010/09/11 21:11:22 | 000,003,153 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2010/09/11 21:11:14 | 000,003,107 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2010/09/11 21:10:59 | 000,002,843 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2010/09/11 21:10:15 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp CD Writer.dat
[2010/09/11 21:09:39 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/09/11 21:09:27 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/09/11 20:26:02 | 000,002,987 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/05/24 11:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 11:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 11:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 11:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 11:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 11:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 11:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 11:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 11:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 11:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 11:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 11:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 11:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 11:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 11:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 11:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 11:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 12:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 12:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 12:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 12:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 12:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/05/19 12:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 12:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 12:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 12:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/05/19 12:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 12:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/05/19 12:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 12:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/01/05 12:30:39 | 000,001,527 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2009/11/18 10:48:23 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\swk.ini
[2009/08/11 13:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/06/07 08:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/18 19:03:10 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\AutoGK.ini
[2009/02/07 21:13:52 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxtt.gif
[2009/02/07 21:13:52 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxnn.gif
[2009/02/07 21:13:52 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\awRL2pFxyy.gif
[2009/01/10 14:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 07:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/26 16:07:02 | 003,494,576 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/06/11 22:10:59 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\ezpinst.exe
[2008/06/11 22:10:59 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\pcouffin.cat
[2008/06/11 22:10:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\pcouffin.inf
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/13 01:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/05/30 16:26:03 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/04 00:58:26 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2006/12/14 14:41:45 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2006/08/26 15:46:26 | 000,001,151 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/08/11 21:06:26 | 000,006,080 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/07/25 18:31:28 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Jim Lundquist\Application Data\.zreglib
[2006/07/08 08:42:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/31 08:57:14 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/30 22:14:12 | 000,094,263 | ---- | C] () -- C:\WINDOWS\HPHins03.dat.temp
[2005/11/30 22:14:12 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat.temp
[2005/11/30 22:11:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Local Settings\Application Data\fusioncache.dat
[2005/11/30 21:27:06 | 000,094,812 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/11/30 21:27:06 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/04/03 21:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoPro.INI
[2005/04/03 20:10:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/04/03 20:10:43 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2005/04/03 20:10:42 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2005/04/03 20:10:41 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2005/04/03 20:10:40 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2005/04/03 20:10:40 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2005/04/03 20:10:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2005/04/03 20:10:39 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2005/04/03 20:10:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2005/04/03 20:10:36 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2005/04/03 20:10:36 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2005/04/03 20:10:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2005/01/08 22:52:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/08 22:51:16 | 000,002,650 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/01/06 23:30:27 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2005/01/06 23:29:21 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2005/01/06 23:29:21 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2004/11/07 18:41:39 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/09/30 14:33:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/28 17:26:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2004/09/28 17:26:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/25 21:23:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/08/25 17:38:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2004/08/25 17:29:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/08/25 14:30:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/24 22:52:52 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/08/24 21:15:58 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Jim Lundquist\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/24 20:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/08/24 19:18:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/24 19:12:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/24 12:03:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/24 12:02:15 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/06/06 20:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2002/10/15 14:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/18 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 04:00:00 | 000,433,224 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 04:00:00 | 000,067,798 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 04:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/01/23 23:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2001/01/22 02:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(4).DLL
[2001/01/22 02:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(3).DLL
[2001/01/22 02:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== LOP Check ==========

[2006/01/05 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2006/01/05 22:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/09/05 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/07/28 13:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/10/30 20:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2010/09/06 22:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/09 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\ACCFED33F6D050E8BECFA975BBCAEF1D
[2010/10/17 21:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Amazon
[2010/09/06 22:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\BinarySense
[2009/04/12 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\dBpoweramp
[2011/07/30 18:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\ImgBurn
[2009/04/30 13:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Mp3tag
[2009/04/30 21:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\SanDisk
[2006/07/25 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\SlySoft
[2008/06/12 00:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\Vso
[2005/05/19 22:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Lundquist\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

Edited by Jim45, 20 November 2011 - 04:16 PM.

  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
The database file is just a hidden system file that was made visible by OTL. It just contains thumbnails of any pictures on your desktop. Nothing to worry about.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.



I don't see anything bad except a broken Symantec install. I assume this is not a paid up subscription so let's remove it and put on the free Avast.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
If it found something then see if you can find the text version of the logfile and copy and paste it.
I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt

Ron
  • 0
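A small triage helper for the two ComboFix sections that carry the "broken Symantec install" finding above: the service list (an orphaned driver entry whose file is gone shows as `--> ... [?]`) and the Security Center `DisableMonitoring` keys, both visible in the ComboFix log posted later in this thread. This is an added example, not code from the thread or from ComboFix; the line shapes it parses are read off the posted log and are an assumption, not a ComboFix specification.

```python
r"""Triage helper for two sections of the ComboFix log posted in this thread.
Added example; not code from the thread, from ComboFix or from any vendor. The
line shapes are read off the posted log (an assumption, not a ComboFix spec):
  <R|S><start> <name>;<display>;<image path> [<date> <size>]
  <R|S><start> <name>;<display>;<image path> --> <image path> [?]   (not on disk)
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\<Product>]
  "DisableMonitoring"=dword:00000001
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);[^;]*;"
    r"(?P<path>.+?)(?:\s+-->\s+.+?)?\s+\[(?P<info>[^\]]*)\]\s*$")
MONITOR_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\"
    r"(?P<product>[^\]]+)\]$", re.IGNORECASE)
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})$')


@dataclass
class ServiceEntry:
    state: str            # 'R' running, 'S' stopped
    start: int            # start-type digit as ComboFix prints it
    name: str
    path: str             # NT object prefix (\??\) stripped
    file_missing: bool    # ComboFix wrote "--> ... [?]": image not found on disk
    vendor: Optional[str]


def vendor_from_path(path: str) -> Optional[str]:
    """Best-effort vendor guess: directory under 'Common Files' or 'Program Files'."""
    raw = [p for p in path.split("\\") if p]
    low = [p.lower() for p in raw]
    for marker in ("common files", "program files"):
        if marker in low and low.index(marker) + 1 < len(raw):
            return raw[low.index(marker) + 1]
    return None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R?/S? service line; any other line returns None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                        path, m.group("info").strip() == "?", vendor_from_path(path))


def disabled_monitoring(lines: Iterable[str]) -> Dict[str, bool]:
    """Map each Security Center Monitoring subkey to its DisableMonitoring flag."""
    result: Dict[str, bool] = {}
    product: Optional[str] = None
    for raw in lines:
        line = raw.strip()
        km = MONITOR_KEY_RE.match(line)
        if km:
            product = km.group("product")
        elif line.startswith("["):          # any other key ends the block
            product = None
        else:
            dm = DISABLE_RE.match(line)
            if dm and product is not None:
                result[product] = int(dm.group("val"), 16) != 0
    return result


def triage(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(subject, code, detail) findings: orphaned entries (missing-image), drivers
    registered from Temp (temp-path), Security Center monitoring off (monitoring-disabled)."""
    lines = list(lines)
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        e = parse_service_line(line)
        if e is None:
            continue
        if e.file_missing:
            findings.append((e.name, "missing-image",
                             f"{e.path} (vendor: {e.vendor or 'unknown'})"))
        if "\\temp\\" in e.path.lower():
            findings.append((e.name, "temp-path", e.path))
    for product, disabled in disabled_monitoring(lines).items():
        if disabled:
            findings.append((product, "monitoring-disabled", "DisableMonitoring=1"))
    return findings


# Lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 09:20 AM 118104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\JIMLUN~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\JIMLUN~1\LOCALS~1\Temp\esihdrv.sys [?]
""".strip().splitlines()
```

Running `triage(SAMPLE_LOG)` flags the Symantec driver entry whose file no longer exists, the driver registered from a Temp directory, and both Symantec Security Center overrides; a "missing-image" hit is a leftover registration to clean up, not by itself a sign of infection.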

#3
Jim45

    Member

  • Topic Starter
  • Member
  • 234 posts
Thanks for the reply! I haven't had Norton on my computer in years, and thought I got every last piece of that program off. I will get started on all the other stuff, and post the logs as soon as I can.
  • 0

#4
Jim45

    Member

  • Topic Starter
  • Member
  • 234 posts
O.k. here is everything except for the Avast scan log. I had to uninstall it. As soon as I installed it and tried to update it, it said the connection to the server failed, or something like that. I tried several times. I couldn't register it either. I have ESET NOD32 on my computer right now, but I had it disabled during this. Neither Firefox nor Internet Explorer would connect to the internet either. Told me to check my Firewall settings, or something like that. The only Firewall in the equation was the Windows Firewall. Turned that off, and no difference. My computer almost came to a halt too. I finally uninstalled it. I don't know what was going on, but I can connect to the internet after uninstalling it, and I could before I installed it. Like I said, here is everything else you asked for.


MBAM


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8211

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/21/2011 03:29:10 PM
mbam-log-2011-11-21 (15-29-10).txt

Scan type: Quick scan
Objects scanned: 190118
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix



ComboFix 11-11-21.01 - Jim Lundquist 11/21/2011 17:38:13.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.577 [GMT -8:00]
Running from: c:\documents and settings\Jim Lundquist\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jim Lundquist\WINDOWS
c:\windows\bwUnin-6.1.4.36-8876480L.exe
c:\windows\system32\DC120fc7_32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-21 23:22 . 2011-11-21 23:22 -------- d-----w- c:\documents and settings\Jim Lundquist\Application Data\Malwarebytes
2011-11-21 23:21 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 23:21 . 2011-11-21 23:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 00:11 . 2011-11-21 00:11 -------- d-----w- c:\program files\ESET
2011-11-21 00:11 . 2011-11-21 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-11-20 09:54 . 2011-11-20 09:54 -------- d-----w- C:\_OTL
2011-11-19 08:04 . 2011-11-19 08:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-19 08:02 . 2011-11-19 08:02 -------- d-----w- c:\program files\Musicmatch
2011-11-19 08:02 . 2011-11-19 08:02 -------- d-----w- c:\program files\Motorola
2011-11-19 06:19 . 2011-11-19 06:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-19 06:15 . 2011-11-20 00:52 -------- d-----w- c:\windows\system32\NtmsData
2011-11-19 05:20 . 2011-11-20 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-11-18 19:06 . 2011-11-18 19:06 -------- d-----w- c:\program files\CCleaner
2011-11-12 02:49 . 2011-11-12 02:52 -------- d-----w- c:\program files\DVDFab 8 Qt
2011-11-05 17:45 . 2011-11-05 17:45 -------- d-----w- c:\program files\ConvertHelper
2011-11-04 03:07 . 2011-11-05 16:56 -------- d-----w- c:\documents and settings\Jim Lundquist\dwhelper
2011-11-03 01:51 . 2011-11-03 01:51 -------- d-----w- c:\documents and settings\Jim Lundquist\Local Settings\Application Data\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 02:40 . 2011-06-05 17:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 03:45 . 2011-10-19 03:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-19 03:45 . 2010-09-12 17:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22 . 2004-08-25 03:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2008-11-27 00:01 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 02:11 . 2011-11-12 02:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\twain.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim Lundquist^Start Menu^Programs^Startup^HDDlife.lnk]
path=c:\documents and settings\Jim Lundquist\Start Menu\Programs\Startup\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
2002-03-07 17:50 35328 ----a-w- c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 17:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 22:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-04-06 10:28 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2004-06-07 04:42 659456 ----a-w- c:\windows\system32\hphmon06.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2004-06-07 04:53 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-06-03 05:44 1660952 ----a-w- c:\program files\Messenger\Msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 22:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 09:20 AM 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 09:20 AM 103112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/25/2011 01:16 AM 2214504]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\JIMLUN~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\JIMLUN~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [7/25/2006 08:40 PM 47360]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [9/5/2010 08:42 AM 229376]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IPVNMon
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{866B4473-554A-423C-9CDA-751CB3F3A5D5}: NameServer = 68.94.156.1,206.13.28.12
DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} - hxxp://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
FF - ProfilePath - c:\documents and settings\Jim Lundquist\Application Data\Mozilla\Firefox\Profiles\e029mqmu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-P2kAutostart - (no file)
MSConfigStartUp-IPInSightMonitor 01 - c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 17:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-21 17:52:36
ComboFix-quarantined-files.txt 2011-11-22 01:52
.
Pre-Run: 20,523,479,040 bytes free
Post-Run: 20,498,735,104 bytes free
.
- - End Of File - - E25A5C0935500CD0077C220F55219387


TDSSKiller



17:56:00.0968 3116 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
17:56:01.0484 3116 ============================================================
17:56:01.0484 3116 Current date / time: 2011/11/21 17:56:01.0484
17:56:01.0484 3116 SystemInfo:
17:56:01.0484 3116
17:56:01.0484 3116 OS Version: 5.1.2600 ServicePack: 3.0
17:56:01.0484 3116 Product type: Workstation
17:56:01.0484 3116 ComputerName: JIM
17:56:01.0484 3116 UserName: Jim Lundquist
17:56:01.0484 3116 Windows directory: C:\WINDOWS
17:56:01.0484 3116 System windows directory: C:\WINDOWS
17:56:01.0484 3116 Processor architecture: Intel x86
17:56:01.0484 3116 Number of processors: 1
17:56:01.0484 3116 Page size: 0x1000
17:56:01.0484 3116 Boot type: Normal boot
17:56:01.0484 3116 ============================================================
17:56:04.0062 3116 Initialize success
17:56:17.0375 2696 ============================================================
17:56:17.0375 2696 Scan started
17:56:17.0375 2696 Mode: Manual;
17:56:17.0375 2696 ============================================================
17:56:17.0890 2696 Abiosdsk - ok
17:56:18.0031 2696 abp480n5 - ok
17:56:18.0234 2696 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:56:18.0250 2696 ACPI - ok
17:56:18.0437 2696 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:56:18.0437 2696 ACPIEC - ok
17:56:18.0593 2696 adpu160m - ok
17:56:18.0765 2696 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:56:18.0765 2696 aec - ok
17:56:18.0953 2696 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:56:18.0953 2696 AFD - ok
17:56:19.0125 2696 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:56:19.0140 2696 agp440 - ok
17:56:19.0281 2696 Aha154x - ok
17:56:19.0421 2696 aic78u2 - ok
17:56:19.0562 2696 aic78xx - ok
17:56:19.0718 2696 AliIde - ok
17:56:19.0859 2696 amsint - ok
17:56:20.0046 2696 asc - ok
17:56:20.0187 2696 asc3350p - ok
17:56:20.0328 2696 asc3550 - ok
17:56:20.0531 2696 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:56:20.0531 2696 AsyncMac - ok
17:56:20.0703 2696 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:56:20.0718 2696 atapi - ok
17:56:20.0859 2696 Atdisk - ok
17:56:21.0062 2696 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:56:21.0078 2696 Atmarpc - ok
17:56:21.0265 2696 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:56:21.0265 2696 audstub - ok
17:56:21.0453 2696 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:56:21.0453 2696 Beep - ok
17:56:21.0578 2696 catchme - ok
17:56:21.0750 2696 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:56:21.0750 2696 cbidf2k - ok
17:56:21.0906 2696 cd20xrnt - ok
17:56:22.0093 2696 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:56:22.0109 2696 Cdaudio - ok
17:56:22.0312 2696 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:56:22.0328 2696 Cdfs - ok
17:56:22.0484 2696 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:56:22.0484 2696 Cdrom - ok
17:56:22.0640 2696 Changer - ok
17:56:22.0812 2696 CmdIde - ok
17:56:22.0984 2696 Cpqarray - ok
17:56:23.0187 2696 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
17:56:23.0187 2696 ctljystk - ok
17:56:23.0343 2696 dac2w2k - ok
17:56:23.0484 2696 dac960nt - ok
17:56:23.0656 2696 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:56:23.0656 2696 Disk - ok
17:56:23.0890 2696 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:56:23.0906 2696 dmboot - ok
17:56:24.0093 2696 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:56:24.0109 2696 dmio - ok
17:56:24.0312 2696 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:56:24.0312 2696 dmload - ok
17:56:24.0515 2696 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:56:24.0515 2696 DMusic - ok
17:56:24.0671 2696 dpti2o - ok
17:56:24.0843 2696 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:56:24.0843 2696 drmkaud - ok
17:56:25.0031 2696 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
17:56:25.0031 2696 eamon - ok
17:56:25.0250 2696 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
17:56:25.0250 2696 ehdrv - ok
17:56:25.0453 2696 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
17:56:25.0453 2696 emu10k - ok
17:56:25.0640 2696 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
17:56:25.0640 2696 emu10k1 - ok
17:56:25.0812 2696 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
17:56:25.0812 2696 epfwtdir - ok
17:56:25.0843 2696 EraserUtilRebootDrv - ok
17:56:25.0953 2696 esihdrv - ok
17:56:26.0203 2696 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:56:26.0203 2696 Fastfat - ok
17:56:26.0375 2696 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:56:26.0375 2696 Fdc - ok
17:56:26.0531 2696 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:56:26.0546 2696 Fips - ok
17:56:26.0718 2696 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:56:26.0718 2696 Flpydisk - ok
17:56:26.0890 2696 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:56:26.0890 2696 FltMgr - ok
17:56:27.0062 2696 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:56:27.0062 2696 Fs_Rec - ok
17:56:27.0250 2696 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:56:27.0265 2696 Ftdisk - ok
17:56:27.0437 2696 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:56:27.0437 2696 gameenum - ok
17:56:27.0609 2696 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:56:27.0609 2696 Gpc - ok
17:56:27.0828 2696 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
17:56:27.0828 2696 HCF_MSFT - ok
17:56:28.0046 2696 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:56:28.0046 2696 HidUsb - ok
17:56:28.0218 2696 hpn - ok
17:56:28.0390 2696 hpt3xx - ok
17:56:28.0593 2696 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:56:28.0593 2696 HPZid412 - ok
17:56:28.0796 2696 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:56:28.0796 2696 HPZipr12 - ok
17:56:29.0015 2696 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:56:29.0015 2696 HPZius12 - ok
17:56:29.0218 2696 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:56:29.0218 2696 HTTP - ok
17:56:29.0375 2696 i2omgmt - ok
17:56:29.0531 2696 i2omp - ok
17:56:29.0718 2696 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:56:29.0718 2696 i8042prt - ok
17:56:29.0906 2696 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:56:29.0906 2696 Imapi - ok
17:56:30.0078 2696 ini910u - ok
17:56:30.0234 2696 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:56:30.0234 2696 IntelIde - ok
17:56:30.0421 2696 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:56:30.0421 2696 ip6fw - ok
17:56:30.0609 2696 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:56:30.0609 2696 IpFilterDriver - ok
17:56:30.0796 2696 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:56:30.0796 2696 IpInIp - ok
17:56:31.0000 2696 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:56:31.0000 2696 IpNat - ok
17:56:31.0203 2696 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:56:31.0218 2696 IPSec - ok
17:56:31.0390 2696 IPVNMon (f60af0f89204a9177d110e3b2bd9fa0b) C:\WINDOWS\system32\drivers\IPVNMon.sys
17:56:31.0390 2696 IPVNMon - ok
17:56:31.0578 2696 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:56:31.0578 2696 IRENUM - ok
17:56:31.0781 2696 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:56:31.0781 2696 isapnp - ok
17:56:31.0953 2696 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:56:31.0953 2696 Kbdclass - ok
17:56:32.0140 2696 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:56:32.0140 2696 kbdhid - ok
17:56:32.0343 2696 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:56:32.0343 2696 kmixer - ok
17:56:32.0500 2696 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:56:32.0515 2696 KSecDD - ok
17:56:32.0687 2696 l8042pr2 (383b46ac17297dbd91e57d99db151bf2) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
17:56:32.0687 2696 l8042pr2 - ok
17:56:32.0859 2696 lbrtfdc - ok
17:56:33.0078 2696 LKbdFlt2 (581f613700442bebb013abff2391ce89) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
17:56:33.0078 2696 LKbdFlt2 - ok
17:56:33.0281 2696 LMouFlt2 (7142cfe09594320c2a7c87b731908ee9) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
17:56:33.0281 2696 LMouFlt2 - ok
17:56:33.0484 2696 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:56:33.0484 2696 mnmdd - ok
17:56:33.0671 2696 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:56:33.0671 2696 Modem - ok
17:56:33.0828 2696 motccgp - ok
17:56:33.0968 2696 motccgpfl - ok
17:56:34.0109 2696 MotDev - ok
17:56:34.0265 2696 motmodem - ok
17:56:34.0406 2696 motport - ok
17:56:34.0562 2696 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:56:34.0562 2696 Mouclass - ok
17:56:34.0765 2696 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:56:34.0765 2696 MountMgr - ok
17:56:34.0906 2696 mraid35x - ok
17:56:35.0000 2696 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
17:56:35.0000 2696 MREMP50 - ok
17:56:35.0015 2696 MREMPR5 - ok
17:56:35.0031 2696 MRENDIS5 - ok
17:56:35.0062 2696 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
17:56:35.0062 2696 MRESP50 - ok
17:56:35.0265 2696 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:56:35.0265 2696 MRxDAV - ok
17:56:35.0484 2696 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:56:35.0484 2696 MRxSmb - ok
17:56:35.0671 2696 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:56:35.0671 2696 Msfs - ok
17:56:35.0859 2696 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:56:35.0859 2696 MSKSSRV - ok
17:56:36.0078 2696 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:56:36.0078 2696 MSPCLOCK - ok
17:56:36.0281 2696 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:56:36.0281 2696 MSPQM - ok
17:56:36.0468 2696 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:56:36.0468 2696 mssmbios - ok
17:56:36.0671 2696 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:56:36.0671 2696 Mup - ok
17:56:36.0859 2696 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:56:36.0859 2696 NDIS - ok
17:56:37.0046 2696 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:56:37.0046 2696 NdisTapi - ok
17:56:37.0250 2696 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:56:37.0250 2696 Ndisuio - ok
17:56:37.0453 2696 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:56:37.0453 2696 NdisWan - ok
17:56:37.0625 2696 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:56:37.0625 2696 NDProxy - ok
17:56:37.0796 2696 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:56:37.0796 2696 NetBIOS - ok
17:56:37.0984 2696 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:56:37.0984 2696 NetBT - ok
17:56:38.0234 2696 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:56:38.0250 2696 Npfs - ok
17:56:38.0453 2696 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:56:38.0468 2696 Ntfs - ok
17:56:38.0656 2696 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:56:38.0671 2696 Null - ok
17:56:39.0468 2696 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:56:39.0625 2696 nv - ok
17:56:39.0843 2696 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:56:39.0859 2696 NwlnkFlt - ok
17:56:40.0015 2696 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:56:40.0031 2696 NwlnkFwd - ok
17:56:40.0203 2696 OMCI (e1e54131462b63efefaf14aca8e4012b) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
17:56:40.0203 2696 OMCI - ok
17:56:40.0390 2696 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:56:40.0390 2696 Parport - ok
17:56:40.0562 2696 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:56:40.0562 2696 PartMgr - ok
17:56:40.0734 2696 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:56:40.0734 2696 ParVdm - ok
17:56:40.0875 2696 PCAMPR5 - ok
17:56:41.0046 2696 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:56:41.0046 2696 PCI - ok
17:56:41.0234 2696 PCIDump - ok
17:56:41.0406 2696 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:56:41.0406 2696 PCIIde - ok
17:56:41.0609 2696 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:56:41.0609 2696 Pcmcia - ok
17:56:41.0796 2696 Pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\Pcouffin.sys
17:56:41.0796 2696 Pcouffin - ok
17:56:41.0968 2696 PDCOMP - ok
17:56:42.0125 2696 PDFRAME - ok
17:56:42.0281 2696 PDRELI - ok
17:56:42.0437 2696 PDRFRAME - ok
17:56:42.0578 2696 perc2 - ok
17:56:42.0718 2696 perc2hib - ok
17:56:42.0937 2696 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
17:56:42.0937 2696 pfc - ok
17:56:43.0171 2696 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:56:43.0171 2696 PptpMiniport - ok
17:56:43.0359 2696 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:56:43.0359 2696 Processor - ok
17:56:43.0578 2696 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:56:43.0578 2696 PSched - ok
17:56:43.0750 2696 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:56:43.0750 2696 Ptilink - ok
17:56:43.0937 2696 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:56:43.0937 2696 PxHelp20 - ok
17:56:44.0109 2696 ql1080 - ok
17:56:44.0250 2696 Ql10wnt - ok
17:56:44.0390 2696 ql12160 - ok
17:56:44.0531 2696 ql1240 - ok
17:56:44.0687 2696 ql1280 - ok
17:56:44.0859 2696 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:56:44.0859 2696 RasAcd - ok
17:56:45.0062 2696 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:56:45.0062 2696 Rasl2tp - ok
17:56:45.0250 2696 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:56:45.0250 2696 RasPppoe - ok
17:56:45.0437 2696 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:56:45.0437 2696 Raspti - ok
17:56:45.0625 2696 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:56:45.0640 2696 Rdbss - ok
17:56:45.0796 2696 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:56:45.0812 2696 RDPCDD - ok
17:56:46.0015 2696 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:56:46.0015 2696 RDPWD - ok
17:56:46.0250 2696 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:56:46.0250 2696 redbook - ok
17:56:46.0453 2696 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:56:46.0453 2696 ROOTMODEM - ok
17:56:46.0640 2696 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:56:46.0656 2696 rtl8139 - ok
17:56:46.0781 2696 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:56:46.0781 2696 SASDIFSV - ok
17:56:46.0796 2696 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:56:46.0812 2696 SASKUTIL - ok
17:56:47.0000 2696 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:56:47.0000 2696 Secdrv - ok
17:56:47.0218 2696 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:56:47.0234 2696 serenum - ok
17:56:47.0406 2696 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:56:47.0406 2696 Serial - ok
17:56:47.0625 2696 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:56:47.0640 2696 Sfloppy - ok
17:56:47.0812 2696 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
17:56:47.0828 2696 sfman - ok
17:56:47.0984 2696 Simbad - ok
17:56:48.0156 2696 Sparrow - ok
17:56:48.0375 2696 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:56:48.0375 2696 splitter - ok
17:56:48.0578 2696 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:56:48.0578 2696 sr - ok
17:56:48.0812 2696 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:56:48.0812 2696 Srv - ok
17:56:49.0015 2696 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:56:49.0015 2696 swenum - ok
17:56:49.0218 2696 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:56:49.0218 2696 swmidi - ok
17:56:49.0390 2696 symc810 - ok
17:56:49.0515 2696 symc8xx - ok
17:56:49.0671 2696 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
17:56:49.0671 2696 symlcbrd - ok
17:56:49.0828 2696 sym_hi - ok
17:56:49.0968 2696 sym_u3 - ok
17:56:50.0156 2696 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:56:50.0156 2696 sysaudio - ok
17:56:50.0359 2696 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:56:50.0359 2696 Tcpip - ok
17:56:50.0546 2696 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:56:50.0546 2696 TDPIPE - ok
17:56:50.0734 2696 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:56:50.0734 2696 TDTCP - ok
17:56:50.0937 2696 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:56:50.0937 2696 TermDD - ok
17:56:51.0125 2696 TosIde - ok
17:56:51.0328 2696 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:56:51.0328 2696 Udfs - ok
17:56:51.0468 2696 ultra - ok
17:56:51.0703 2696 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:56:51.0718 2696 Update - ok
17:56:51.0906 2696 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:56:51.0906 2696 usbccgp - ok
17:56:52.0078 2696 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:56:52.0078 2696 usbehci - ok
17:56:52.0281 2696 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:56:52.0281 2696 usbhub - ok
17:56:52.0453 2696 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:56:52.0453 2696 usbohci - ok
17:56:52.0640 2696 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:56:52.0640 2696 usbprint - ok
17:56:52.0781 2696 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:56:52.0781 2696 usbscan - ok
17:56:52.0968 2696 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
17:56:52.0968 2696 usbsermpt - ok
17:56:53.0171 2696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:56:53.0171 2696 USBSTOR - ok
17:56:53.0390 2696 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:56:53.0390 2696 usbuhci - ok
17:56:53.0562 2696 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:56:53.0562 2696 VgaSave - ok
17:56:53.0703 2696 ViaIde - ok
17:56:53.0875 2696 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:56:53.0875 2696 VolSnap - ok
17:56:54.0109 2696 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:56:54.0109 2696 Wanarp - ok
17:56:54.0328 2696 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:56:54.0328 2696 Wdf01000 - ok
17:56:54.0484 2696 WDICA - ok
17:56:54.0671 2696 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:56:54.0671 2696 wdmaud - ok
17:56:54.0968 2696 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:56:54.0968 2696 WpdUsb - ok
17:56:55.0140 2696 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:56:55.0140 2696 WS2IFSL - ok
17:56:55.0343 2696 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:56:55.0343 2696 WudfPf - ok
17:56:55.0515 2696 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:56:55.0515 2696 WudfRd - ok
17:56:55.0578 2696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:56:55.0734 2696 \Device\Harddisk0\DR0 - ok
17:56:55.0750 2696 Boot (0x1200) (7885b0807566fcbaebd891e74444dd53) \Device\Harddisk0\DR0\Partition0
17:56:55.0750 2696 \Device\Harddisk0\DR0\Partition0 - ok
17:56:55.0750 2696 ============================================================
17:56:55.0750 2696 Scan finished
17:56:55.0750 2696 ============================================================
17:56:55.0781 1572 Detected object count: 0
17:56:55.0781 1572 Actual detected object count: 0
17:57:14.0546 1476 Deinitialize success


aswMBR


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 17:58:56
-----------------------------
17:58:56.734 OS Version: Windows 5.1.2600 Service Pack 3
17:58:56.734 Number of processors: 1 586 0x102
17:58:56.734 ComputerName: JIM UserName:
17:58:57.671 Initialize success
17:59:58.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:59:58.640 Disk 0 Vendor: WDC_WD400BB-75CLB0 05.04E05 Size: 38166MB BusType: 3
18:00:00.656 Disk 0 MBR read successfully
18:00:00.656 Disk 0 MBR scan
18:00:00.656 Disk 0 Windows XP default MBR code
18:00:00.656 Disk 0 scanning sectors +78140160
18:00:00.734 Disk 0 scanning C:\WINDOWS\system32\drivers
18:00:09.375 Service scanning
18:00:10.625 Modules scanning
18:00:18.203 Scan finished successfully
18:00:50.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim Lundquist\Desktop\MBR.dat"
18:00:50.312 The log file has been saved successfully to "C:\Documents and Settings\Jim Lundquist\Desktop\aswMBR.txt"



^^^Oh.......the Fix button was NOT enabled on completion of the scan.

Edited by Jim45, 21 November 2011 - 09:59 PM.


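As an added triage example (not part of the original thread, and not TDSSKiller's or aswMBR's own code): the TDSSKiller log above lists every registered driver with its MD5 and on-disk path on one line and the scanner's verdict on the next. The script below pairs those lines up and surfaces what a reviewer would look at first when a log "looks clean": kernel code loaded from outside the Windows system32 tree, service entries with no image file recorded, any verdict other than "ok", and the MBR/boot-sector hash so it can be diffed against a later run. The sample log inside the script is constructed from a few of the lines above; the finding categories (no-image, outside-system32, boot-record, scanner-flagged, no-verdict) and the function names are this example's own.

```python
import re

# Constructed sample: a handful of lines in the TDSSKiller log format shown in
# the thread (driver line with MD5 and path, then a verdict line per entry).
SAMPLE_LOG = r"""
17:56:26.0531 2696 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:56:26.0546 2696 Fips - ok
17:56:28.0218 2696 hpn - ok
17:56:35.0000 2696 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
17:56:35.0000 2696 MREMP50 - ok
17:56:46.0781 2696 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:56:46.0781 2696 SASDIFSV - ok
17:56:55.0578 2696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:56:55.0734 2696 \Device\Harddisk0\DR0 - ok
17:56:55.0781 1572 Detected object count: 0
"""

_FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"      # timestamp and thread id
    r"(?P<name>\S+)"                       # service name, or MBR / Boot
    r"(?:\s+\(0x[0-9A-Fa-f]+\))?"          # optional byte count, e.g. (0x1B8)
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+"     # MD5 of the image or sector
    r"(?P<path>\S.*?)\s*$"                 # file path or \Device\... object
)
_VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>\S.*?)\s*$"
)


def parse_tdsskiller(text):
    """Pair each image line with its verdict line. Returns a list of dicts in
    log order; an entry that only ever had a verdict line gets path/md5 None."""
    entries = {}      # keyed by service name (dicts keep insertion order)
    by_path = {}      # lets '\Device\Harddisk0\DR0 - ok' find the MBR entry
    for line in text.splitlines():
        m = _FILE_RE.match(line)
        if m:
            entry = {"name": m["name"], "md5": m["md5"],
                     "path": m["path"], "verdict": None}
            entries[m["name"]] = entry
            by_path[m["path"].lower()] = entry
            continue
        m = _VERDICT_RE.match(line)
        if m:
            key = m["name"]
            entry = entries.get(key) or by_path.get(key.lower())
            if entry is None:                 # verdict with no image line at all
                entry = {"name": key, "md5": None, "path": None, "verdict": None}
                entries[key] = entry
            entry["verdict"] = m["verdict"]
    return list(entries.values())


def triage(entries, system_root=r"C:\WINDOWS"):
    """Return (kind, name, detail) tuples a reviewer should look at.
    An 'ok' driver living under the system32 tree produces nothing."""
    system32 = system_root.lower() + "\\system32\\"
    findings = []
    for e in entries:
        name, path, verdict = e["name"], e["path"], e["verdict"]
        if verdict is None:
            findings.append(("no-verdict", name, path or ""))
        elif verdict.lower() != "ok":
            findings.append(("scanner-flagged", name, verdict))
        if path is None:
            # Registered service with no image recorded. On XP this is typically a
            # stock inbox driver (hpn, i2omgmt, ...) whose file was never installed,
            # so it is a "confirm, don't assume" item rather than an indicator.
            findings.append(("no-image", name, ""))
        elif path.startswith("\\Device\\"):
            # MBR / boot sector: keep the hash so a later run can be compared.
            findings.append(("boot-record", name, e["md5"]))
        elif not path.lower().startswith(system32):
            # Third-party kernel code: verify the vendor and the file's signature.
            findings.append(("outside-system32", name, path))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{kind:17} {name:12} {detail}")
```

Run against the constructed sample it reports hpn as no-image, the two Motive/SUPERAntiSpyware drivers as outside-system32 (both legitimate here, but that is exactly the set a human should confirm rather than skim past), and the MBR hash as a boot-record to keep. A verdict other than "ok" anywhere in the log would come out as scanner-flagged.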
#5 RKinner (Malware Expert, 20,029 posts, MVP)
Doesn't look like you picked up anything. Logs are clean. Don't know what happened with Avast - perhaps it and ESET don't get along.

I think we can just cleanup now unless you have other problems.


We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#6 Jim45 (Topic Starter, Member, 234 posts)
Thanks for the help, and the tips! I have Java 6 update 29, the Java site said 7 wasn't really released yet, so I left that alone. Ran the cleanup, created the restore point, etc. etc. Yeah, that thing with Avast was strange, had to be a conflict with NOD32.

Edited by Jim45, 22 November 2011 - 11:57 AM.


#7 RKinner (Malware Expert, 20,029 posts, MVP)
Java 6 update 20 is too old. You need at least Java 6 update 29. Make sure you remove update 20 if Java doesn't do it for you.

#8 Jim45 (Topic Starter, Member, 234 posts)

Java 6 update 20 is too old. You need at least Java 6 update 29. Make sure you remove update 20 if Java doesn't do it for you.

That was a typo, I meant 29, sorry!

Something I noticed last night and today......certain pages don't load right in Firefox (8.0). Here is a perfect example: http://promotions.ne...t-_-icon-_-icon

That page will load fine in IE, but not Firefox, would you happen to know why that may be? I attached an image of how I see it with Firefox. Does it have anything to do with any of the tools I installed and the cleanup of my computer? Seems like it just started, but I'm not 100% sure. Thanks!

I got a couple messages last night saying the connection was reset while the page was loading on a couple sites too.

Attached Thumbnails: newegg.jpg

Edited by Jim45, 22 November 2011 - 12:20 PM.


#9 RKinner (Malware Expert, 20,029 posts, MVP)
If you had run the updatechecker it would have offered a Java 7 version. Make sure you update your Adobe products. They are being hit really hard these days along with Java by infected websites so very important to keep them up to date. Looks OK to me with Firefox 8. Click on Firefox then hover over Help and it will show a menu. Click on Restart with Add-Ons Disabled. Once it restarts, Continue in Safe Mode and see if it looks right now. You have NoScript running in Firefox so it might need to be told that newegg.com is trusted to run scripts.

#10 Jim45 (Topic Starter, Member, 234 posts)

If you had run the updatechecker it would have offered a Java 7 version. Make sure you update your Adobe products. They are being hit really hard these days along with Java by infected websites so very important to keep them up to date. Looks OK to me with Firefox 8. Click on Firefox then hover over Help and it will show a menu. Click on Restart with Add-Ons Disabled. Once it restarts, Continue in Safe Mode and see if it looks right now. You have NoScript running in Firefox so it might need to be told that newegg.com is trusted to run scripts.

It looks the same as that screenshot when running it in safe mode. How do I tell it that newegg is trusted to run scripts?

I just used the update checker in the Java control panel, and it told me I had the latest platform.

Edited by Jim45, 22 November 2011 - 12:44 PM.


#11 RKinner (Malware Expert, 20,029 posts, MVP)
If you right click while on the newegg page (in regular mode) you should see the NoScript option in the menu. Select it and you get a choice of options. One of them should be Allow newegg.com unless you have already allowed them. You should also have several other options like Allow all this page and Temporarily Allow All this page. However, if it looks the same in Firefox running without add-ons then noscript is not the problem.

Perhaps a reinstall of Firefox 8 would help?

Could this be something NOD32 is doing?

#12 Jim45 (Topic Starter, Member, 234 posts)

If you right click while on the newegg page (in regular mode) you should see the NoScript option in the menu. Select it and you get a choice of options. One of them should be Allow newegg.com unless you have already allowed them. You should also have several other options like Allow all this page and Temporarily Allow All this page. However, if it looks the same in Firefox running without add-ons then noscript is not the problem.

Perhaps a reinstall of Firefox 8 would help?

Could this be something NOD32 is doing?

I restarted Firefox again with add-ons disabled, and disabled NOD32, and I don't see that option when I right click on the newegg page, and disabling NOD32 didn't change how that page looks.

Edited by Jim45, 22 November 2011 - 01:51 PM.


#13 RKinner (Malware Expert, 20,029 posts, MVP)
The right click option for NoScript should only be there in regular mode. If it is not there then NoScript is not correctly installed even though it shows up in your OTL log.

I think you should backup your profile

http://kb.mozillazin...ofile_-_Firefox

Then create a new profile. See if the new profile has the same problem. If it does then uninstall Firefox, make sure that the old profiles have been removed then download the latest version of Firefox and see if it has the same problem.

#14 Jim45 (Topic Starter, Member, 234 posts)
Now that same page is loading fine, both in safe mode, and with add-ons enabled. I don't get it.....why wasn't it loading properly earlier?

#15 RKinner (Malware Expert, 20,029 posts, MVP)
Did you create a new profile? Perhaps the old one was messed up.