Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Tidserv Activity 2 scaring me. Please help [Solved]


  • This topic is locked This topic is locked

#1
saintsfan39475

saintsfan39475

    Member

  • Member
  • PipPip
  • 20 posts
I am using Norton Anti-virus from Xfinity. I also have Spybot S&D installed. Norton has given me this: "Threat requiring manual removal detected: System Infected: Tidserv Activity 2." After checking some forums about Tidserv, I found Norton cannot fix the problem and I started to freak a little. The best advise I read was to come here. I have run Spybot and cleaned infected files but am still getting notice. Could someone help me please.

Note: I keep getting flashing black screen on top half of my browser. Very fast flash about every 5 min. or so.
Also got 2 notepad files after running OTL, Extras.txt and OTL.txt. Will post both.

OTL Extras logfile created on: 1/20/2012 10:45:23 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Roger\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.07% Memory free
6.84 Gb Paging File | 4.54 Gb Available in Paging File | 66.45% Paging File free
Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.33 Gb Total Space | 126.16 Gb Free Space | 43.75% Space Free | Partition Type: NTFS

Computer Name: ROGERPC | User Name: Roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Roger\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Roger\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{2704bbe6-b8b9-4d3c-a278-78e9b6c672be}" = Nero 9
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 290.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Astroburn Lite" = Astroburn Lite
"BitTorrent" = BitTorrent
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenVPN" = OpenVPN 2.1_rc15
"PokerStars.net" = PokerStars.net
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedFan" = SpeedFan (remove only)
"Steam App 72850" = The Elder Scrolls V: Skyrim
"UltraISO_is1" = UltraISO Premium V9.52
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Unofficial Official Mods Patch_is1" = Unofficial Official Mods Patch v15
"Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.4.0
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2011 11:57:39 AM | Computer Name = ROGERPC | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.

Error - 8/29/2011 5:25:18 PM | Computer Name = ROGERPC | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x000ee8b0.

Error - 8/30/2011 9:58:01 AM | Computer Name = ROGERPC | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x000ee8b0.

Error - 9/1/2011 6:37:54 PM | Computer Name = ROGERPC | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0001168b.

Error - 9/3/2011 3:59:58 PM | Computer Name = ROGERPC | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x000ee8b0.

Error - 9/3/2011 6:37:43 PM | Computer Name = ROGERPC | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x000ee8b0.

Error - 9/15/2011 1:07:19 PM | Computer Name = ROGERPC | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x000ee8b0.

Error - 9/25/2011 12:34:34 AM | Computer Name = ROGERPC | Source = Application Hang | ID = 1002
Description = Hanging application ConvertXtoDvd.exe, version 4.0.9.322, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2011 12:34:34 AM | Computer Name = ROGERPC | Source = Application Hang | ID = 1002
Description = Hanging application ConvertXtoDvd.exe, version 4.0.9.322, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2011 12:34:35 AM | Computer Name = ROGERPC | Source = Application Hang | ID = 1002
Description = Hanging application ConvertXtoDvd.exe, version 4.0.9.322, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/18/2012 7:22:53 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/18/2012 10:21:53 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/18/2012 10:22:53 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/19/2012 11:57:42 AM | Computer Name = ROGERPC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 1/19/2012 3:14:12 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/19/2012 3:15:12 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/19/2012 6:14:12 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/19/2012 6:15:12 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/19/2012 8:44:12 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 1/19/2012 8:45:12 PM | Computer Name = ROGERPC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.


< End of report >

OTL logfile created on: 1/20/2012 10:45:23 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Roger\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.07% Memory free
6.84 Gb Paging File | 4.54 Gb Available in Paging File | 66.45% Paging File free
Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.33 Gb Total Space | 126.16 Gb Free Space | 43.75% Space Free | Partition Type: NTFS

Computer Name: ROGERPC | User Name: Roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 10:42:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roger\Desktop\OTL.exe
PRC - [2011/12/24 17:32:02 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/17 15:03:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Roger\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/11/03 02:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/20 08:33:49 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Roger\Local Settings\Temp\sfamcc00001.dll
MOD - [2012/01/20 08:33:48 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Roger\Local Settings\Temp\sfareca00001.dll
MOD - [2011/12/24 17:32:02 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/12/14 14:22:32 | 003,316,000 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_b427739.dll
MOD - [2011/11/14 08:10:20 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2011/02/28 02:00:00 | 003,668,992 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2010/11/07 06:18:14 | 000,552,960 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax
MOD - [2010/11/07 06:13:50 | 000,080,384 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2010/11/07 06:13:46 | 000,024,576 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/11/19 12:23:04 | 001,181,696 | ---- | M] () -- C:\Program Files\OpenVPN\bin\libeay32.dll
MOD - [2008/11/19 12:23:04 | 000,220,672 | ---- | M] () -- C:\Program Files\OpenVPN\bin\libssl32.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 04:42:44 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/14 04:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002/05/14 17:22:34 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/17 15:03:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/14 14:22:32 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/19 12:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 15:33:05 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 08:21:41 | 000,122,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/11/09 06:53:23 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 06:53:23 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
DRV - [2011/08/22 23:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/03 19:23:14 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120119.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 19:23:14 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120119.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/07 15:24:22 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 18:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/18 10:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 19:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/08/17 05:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/08/05 00:16:44 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/11/19 12:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2005/01/11 08:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {7aeb3efd-e564-43f1-b658-5058a7c5743b}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/09/28 16:47:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/20 08:31:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 17:32:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/24 17:32:04 | 000,000,000 | ---D | M]

[2011/03/20 18:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Extensions
[2012/01/20 07:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\extensions
[2011/03/20 18:22:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/24 18:33:58 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/10/24 18:33:54 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2011/03/21 17:54:39 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/03/21 17:54:40 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\extensions\[email protected]
[2011/10/23 22:41:46 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\searchplugins\conduit.xml
[2011/12/29 07:51:45 | 000,002,468 | ---- | M] () -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\searchplugins\safesearch.xml
[2011/03/20 18:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/20 08:31:43 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_4_3
[2011/09/28 16:47:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2011/03/20 17:36:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/31 04:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/03/17 13:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\Roger\Application Data\Complitly\Complitly.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Roger\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKLM..\RunOnce: [SpybotDeletingE84] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [SpybotDeletingF6372] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADAF9A33-CF84-4B2C-8C46-0D41D30EA275}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Roger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/19 23:19:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/20 10:42:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roger\Desktop\OTL.exe
[2012/01/16 08:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/01/08 14:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/08 14:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/01/08 14:01:51 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/01/08 14:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/01/06 16:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/01/06 16:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roger\Start Menu\Programs\SpeedFan
[2011/12/31 17:57:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/12/29 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/12/29 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/12/27 15:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2011/12/27 09:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/27 01:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2011/12/27 01:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/12/26 21:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/12/26 21:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/12/26 20:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/26 20:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/26 09:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roger\Local Settings\Application Data\Skyrim
[2011/12/26 09:30:22 | 000,000,000 | ---D | C] -- C:\53f5c35aad6722379090a6df
[2011/12/25 18:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roger\Start Menu\Programs\Steam
[2011/12/25 17:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/12/25 17:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2011/12/25 17:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/12/23 19:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unofficial Shivering Isles Patch
[2011/12/23 19:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unofficial Official Mods Patch
[2011/12/23 19:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unofficial Oblivion Patch
[2011/12/23 17:14:26 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/12/23 16:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/12/23 16:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/12/22 20:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roger\Start Menu\Programs\OpenVPN
[2011/03/23 15:11:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Roger\Application Data\pcouffin.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 10:48:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/20 10:48:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{029CDB6B-93AC-4DE3-AB21-DEB55FD5F112}.job
[2012/01/20 10:42:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roger\Desktop\OTL.exe
[2012/01/20 09:44:29 | 000,000,262 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/01/20 08:31:10 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/20 08:31:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 10:30:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/16 08:37:20 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/16 08:37:20 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/16 08:37:15 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/08 14:02:09 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/01/08 14:01:58 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/01/06 16:41:40 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Roger\Desktop\SpeedFan.lnk
[2012/01/06 16:41:39 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/01/06 09:43:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/29 17:04:45 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/29 17:04:45 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/27 07:04:25 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/25 18:08:40 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Roger\Desktop\The Elder Scrolls V Skyrim.url
[2011/12/25 17:51:01 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/12/24 19:02:00 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2011/12/23 16:52:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/22 20:16:57 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Roger\Desktop\OpenVPN GUI.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 08:36:18 | 002,761,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/16 08:36:18 | 000,003,523 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/01/08 14:19:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/01/08 14:02:08 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/01/08 14:02:08 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/08 14:02:08 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/08 14:01:58 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/01/08 14:01:58 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/01/06 16:41:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Roger\Desktop\SpeedFan.lnk
[2012/01/06 16:41:37 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/12/26 20:31:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/26 09:31:13 | 000,069,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/25 18:08:40 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Roger\Desktop\The Elder Scrolls V Skyrim.url
[2011/12/25 17:51:00 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/12/23 18:50:58 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/12/23 16:52:50 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/23 16:52:47 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/23 16:52:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/23 16:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/12/19 22:05:07 | 000,014,286 | -HS- | C] () -- C:\Documents and Settings\Roger\Local Settings\Application Data\n2ud17p4xf3wfv
[2011/12/19 22:05:07 | 000,014,286 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n2ud17p4xf3wfv
[2011/11/11 17:10:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/11 17:09:43 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/20 17:52:52 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Roger\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/20 17:47:51 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/23 15:11:59 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\vso_ts_preview.xml
[2011/03/23 15:11:19 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\inst.exe
[2011/03/23 15:11:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\pcouffin.cat
[2011/03/23 15:11:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\pcouffin.inf
[2011/03/20 18:32:27 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/20 18:22:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/20 16:56:54 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Roger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/19 23:29:08 | 000,029,719 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011/03/19 23:28:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/03/19 23:28:42 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/03/19 23:28:39 | 000,021,141 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/03/19 23:28:39 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/03/19 23:21:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/19 23:17:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/29 18:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2004/11/11 02:16:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2004/11/10 05:42:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2004/11/10 05:42:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2004/11/10 05:42:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2004/11/02 11:12:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/12/02 15:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2011/12/02 15:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/23 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/12/02 15:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\Astroburn Lite
[2011/12/18 11:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\BitTorrent
[2011/10/24 18:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\Complitly
[2011/12/02 15:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\DAEMON Tools Lite
[2011/03/20 17:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\OpenOffice.org
[2011/09/24 17:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\Vso
[2012/01/20 08:31:10 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/19 10:30:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/08 14:02:09 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/01/20 10:48:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{029CDB6B-93AC-4DE3-AB21-DEB55FD5F112}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I can see it

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
saintsfan39475

saintsfan39475

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Update, downloaded and installed combo fix. Turned off spybot and disabled all I could of Norton. Combo fix told me Norton was still running but started anyway. Combofix asked to download and install windows restore console, I ok'ed. Combo fix began scanning and told me machine was infected with rootkit and needed to restart machine. A message popped up saying Important do not attempt to manually restart allow combo fix to restart. Before I could click ok, message, all of my icons and task bar disappeared leaving only my wallpaper and norton warning box (which will not go away). I have been having problems with the system locking up for the past 3 to 7 days. System is not rebooting (after a little over an hour). What should I do? Sorry I'm so stupid!
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you manually reboot and see if combofix has produced a log at C:\combofix.txt please
  • 0

#5
saintsfan39475

saintsfan39475

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
That went well. After manual reboot combofix was still running and did generate a log. Here it is:

ComboFix 12-01-19.02 - Roger 01/21/2012 7:53.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2581 [GMT -6:00]
Running from: c:\documents and settings\Roger\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Roger\Application Data\inst.exe
c:\documents and settings\Roger\Application Data\vso_ts_preview.xml
c:\windows\$NtUninstallKB60447$
c:\windows\$NtUninstallKB60447$\2294441181\@
c:\windows\$NtUninstallKB60447$\2294441181\bckfg.tmp
c:\windows\$NtUninstallKB60447$\2294441181\cfg.ini
c:\windows\$NtUninstallKB60447$\2294441181\Desktop.ini
c:\windows\$NtUninstallKB60447$\2294441181\keywords
c:\windows\$NtUninstallKB60447$\2294441181\kwrd.dll
c:\windows\$NtUninstallKB60447$\2294441181\L\yyrmfecg
c:\windows\$NtUninstallKB60447$\2294441181\U\00000001.@
c:\windows\$NtUninstallKB60447$\2294441181\U\00000002.@
c:\windows\$NtUninstallKB60447$\2294441181\U\00000004.@
c:\windows\$NtUninstallKB60447$\2294441181\U\80000000.@
c:\windows\$NtUninstallKB60447$\2294441181\U\80000004.@
c:\windows\$NtUninstallKB60447$\2294441181\U\80000032.@
c:\windows\$NtUninstallKB60447$\263077971
c:\windows\system32\SET1D5.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\XAPOFX1_0.dll
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.cdrom
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 00:04 . 2011-07-15 13:29 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2012-01-21 00:04 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-16 14:38 . 2012-01-17 00:42 -------- d-----w- c:\documents and settings\UpdatusUser
2012-01-16 14:38 . 2012-01-16 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-01-16 14:36 . 2011-11-09 14:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-16 14:36 . 2011-12-17 21:03 988992 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-16 14:36 . 2011-12-17 21:03 878400 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-08 20:02 . 2012-01-21 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-08 20:01 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-01-08 20:01 . 2012-01-10 16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-01-06 22:41 . 2012-01-20 14:33 -------- d-----w- c:\program files\SpeedFan
2011-12-29 14:46 . 2011-12-29 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-12-29 14:46 . 2011-12-29 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-27 07:14 . 2011-12-27 07:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-12-27 07:14 . 2011-12-27 07:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-12-26 15:31 . 2011-12-26 15:31 -------- d-----w- c:\documents and settings\Roger\Local Settings\Application Data\Skyrim
2011-12-26 15:30 . 2011-12-26 15:30 -------- d-----w- C:\53f5c35aad6722379090a6df
2011-12-26 15:25 . 2007-10-12 21:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2011-12-25 23:50 . 2011-12-25 23:50 -------- d-----w- c:\program files\Common Files\Steam
2011-12-25 23:50 . 2012-01-20 19:05 -------- d-----w- c:\program files\Steam
2011-12-23 23:14 . 2011-11-09 14:21 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2011-12-23 23:14 . 2011-11-09 14:21 122816 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2011-12-23 23:14 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll
2011-12-23 23:14 . 2012-01-16 14:37 -------- d-----w- C:\NVIDIA
2011-12-23 22:52 . 2011-12-23 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-12-23 22:52 . 2012-01-16 14:37 286904 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-12-23 22:52 . 2012-01-16 14:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-12-23 22:52 . 2012-01-16 14:37 286904 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-12-23 22:52 . 2012-01-16 14:38 -------- d-----w- c:\program files\NVIDIA Corporation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 21:03 . 2011-03-20 23:09 4290816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-12-17 21:03 . 2011-03-20 23:06 13733696 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-12-17 21:03 . 2010-07-30 00:47 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-17 21:03 . 2010-07-30 00:47 5885952 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-17 21:03 . 2010-07-30 00:47 2501952 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-17 21:03 . 2010-07-30 00:47 2206016 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-17 21:03 . 2010-07-30 00:47 2086912 ----a-w- c:\windows\system32\nvapi.dll
2011-12-17 21:03 . 2010-07-30 00:47 18526208 ----a-w- c:\windows\system32\nvoglnt.dll
2011-12-17 21:03 . 2010-07-30 00:47 17489920 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-17 19:48 . 2010-07-30 00:33 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-12-17 19:48 . 2010-07-30 00:33 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-12-17 19:48 . 2010-07-30 00:33 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-12-17 19:48 . 2010-07-30 00:33 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-12-17 19:48 . 2010-07-30 00:33 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-12-17 19:48 . 2010-07-30 00:33 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-12-17 19:48 . 2010-07-30 00:33 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-12-17 19:48 . 2010-07-30 00:33 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-12-17 19:48 . 2010-07-30 00:33 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-12-17 19:48 . 2010-07-30 00:33 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-12-17 19:48 . 2010-07-30 00:33 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-12-17 19:48 . 2010-07-30 00:33 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-12-17 19:48 . 2010-07-30 00:33 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-12-17 19:48 . 2010-07-30 00:33 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-12-17 19:48 . 2010-07-30 00:33 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-12-17 19:48 . 2010-07-30 00:33 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-12-17 19:48 . 2010-07-30 00:33 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-12-17 19:48 . 2010-07-30 00:33 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-12-17 19:48 . 2010-07-30 00:33 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-12-17 19:48 . 2010-07-30 00:33 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-12-17 19:48 . 2010-07-30 00:33 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-12-17 19:48 . 2010-07-30 00:33 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-12-17 19:48 . 2010-07-30 00:33 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-12-17 19:48 . 2010-07-30 00:33 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-12-17 19:48 . 2010-07-30 00:33 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-12-17 19:48 . 2010-07-30 00:33 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-12-17 19:48 . 2010-07-30 00:33 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-12-17 19:48 . 2010-07-30 00:33 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-12-17 19:35 . 2010-07-30 00:33 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-17 19:35 . 2010-07-30 00:33 15467840 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-17 19:35 . 2010-07-30 00:33 148288 ----a-w- c:\windows\system32\nvsvc32.exe
2011-12-17 19:35 . 2010-07-30 00:33 143680 ----a-w- c:\windows\system32\nvcolor.exe
2011-12-17 19:34 . 2010-07-30 00:33 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-12-02 22:01 . 2011-12-02 22:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-12-02 21:33 . 2011-12-02 21:28 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 14:10 . 2011-05-17 12:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 00:33 . 2011-10-25 00:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Roger\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-13 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-13 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-13 141336]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"NvMediaCenter"="NvMCTray.dll" [2011-12-17 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-12-17 1634112]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Roger\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1122:TCP"= 1122:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [7/7/2011 3:24 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [7/7/2011 3:24 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 8:25 PM 820344]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [1/8/2012 2:01 PM 38504]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [7/7/2011 3:24 PM 136312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [7/7/2011 3:24 PM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1/16/2012 8:38 AM 2348864]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [1/8/2012 2:01 PM 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1/8/2012 2:01 PM 955816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 7:29 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSXpx86.sys [1/19/2012 5:21 PM 356280]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/23/2011 5:14 PM 122816]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/23/2011 3:11 PM 47360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/19/2011 11:31 PM 1390976]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [1/8/2012 2:01 PM 130976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-01-08 21:46]
.
2012-01-19 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-01-08 21:46]
.
2012-01-08 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-01-08 21:46]
.
2012-01-21 c:\windows\Tasks\User_Feed_Synchronization-{029CDB6B-93AC-4DE3-AB21-DEB55FD5F112}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\glyz0cc9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 08:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAJS-00B4A0 rev.01.03A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1182C6
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(8916)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2012-01-21 08:26:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 14:25
.
Pre-Run: 135,818,637,312 bytes free
Post-Run: 136,820,908,032 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9F1A41624A15AA49B4AACF727BB729E3
  • 0

#6
saintsfan39475

saintsfan39475

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Also, windows ran an update when I shutdown just now. I don't know if that changes anything but wanted to let you know just in case. Thank you so much for your help.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets sweep for orphans.. On completion can you let me know what problems remain

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#8
saintsfan39475

saintsfan39475

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Done. Malwarebytes said no malicious items detected. System is still sluggish and am still getting flashing black screen on top half of my browser. BTW, ComboFix seems to have disappeared from my system. Not on my desktop, program files or list of installed programs. Don't know if that is normal or not but just thought to let you know. Here is Malwarebytes log file:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roger :: ROGERPC [administrator]

1/21/2012 2:39:06 PM
mbam-log-2012-01-21 (14-39-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191351
Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post a screenshot of the browser problem please

Windows updates are working which is good

Could you now run the MS Fixit about one third the way down this page please
  • 0

#10
saintsfan39475

saintsfan39475

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Ran MSFIX-it and restarted. Can't seem to catch the flash. It is incredibly fast, about a half second and not consistent. Will continue to try to get it.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try to describe it as accurately as possible please

Also how is the computer behaving now ?
  • 0

#12
saintsfan39475

saintsfan39475

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
First, just got back home and started my computer up and for the first time in about 2 weeks it seemed normal. Everything seemed faster and just...better. So, for now I wanted to give you my whole-hearted thank you. THANK YOU!!!!!!!!
Second, I got my fiance to help me and I got a screen shot of the black box. It happens so fast I had to repeatedly close and re-open my browser to get it. She on the mouse and I manning the keyboard. I noticed it happened EVERY time I open this page, and that is how we got it. So it is an MS-Paint photo attachment.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So it was on the G2G page - er you forgot the attachment :lol:
  • 0

#14
saintsfan39475

saintsfan39475

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Sorry. It won't seem to attach and I can't copy and paste. Any suggestions? (Error No file was selected for upload)
File is a bitmap. 3.4 mb.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you zip it please and mail it to the address that I will pm you

Meanwhile I will remove my bits and bobs

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP