WiredWX Christian Hobby Weather Tools

Win32 on XP

2 posters

Re: Win32 on XP
How is your computer running at this point?

Re: Win32 on XP
Still slow on start-up (I used the restart command to test). Freezes up when trying to open Firefox. But the switch from one screen to another seems somewhat faster.


Re: Win32 on XP
The MBR didn't get fixed correctly. We shall try this once more.

Please open Notepad and copy and paste the following:
@echo off
rem The physical disk device path needs the leading double backslash: \\.\PhysicalDrive0
start remover.exe fix \\.\PhysicalDrive0
exit

Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.

Re: Win32 on XP
Here are the logs

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

CreateFile() ERROR 2
ERROR: Can't open physical disk device.

Done;
Press any key to quit...

Re: Win32 on XP
Do you have an XP cd?

We need to do a data-safe recovery.

Re: Win32 on XP
No, I am sorry we don't.


Re: Win32 on XP
Download RC.ISO and save it somewhere you can find it.

Download MagicISO and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD and enter the Recovery Console.

When there, do this:

Type in "fixmbr" and hit Enter.

(screenshot of the fixmbr command at the Recovery Console prompt)

Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the next bit for another command, type "exit".

This will reboot your machine again; allow it to boot normally this time.

Once done, re-run Remover.exe and post a new log.

Re: Win32 on XP
Here it is.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
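
The Bootkit Remover output above reports the boot-sector MD5, the byte offset of the system volume on PhysicalDrive0, and whether standard DOS/Win32 boot code was found. As an added example, not eSage Lab's or Bootkit Remover's own code, the Python script below performs the same kind of integrity checks on a raw 512-byte MBR image; the sample MBR, its fill-byte boot code and the "known good" baseline digest are constructed for the demonstration.

```python
"""Added example (not Bootkit Remover's code): basic integrity checks on a raw
512-byte MBR image, mirroring what the log above reports (boot-sector MD5,
byte offset of the system volume, whether the boot code is the expected one)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the boot code
PARTITION_TABLE_OFF = 446  # four 16-byte partition entries follow the code
SIGNATURE_OFF = 510        # a valid MBR ends with 0x55 0xAA
# Each entry: status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
PARTITION_ENTRY = "<B3xB3xII"


def parse_partitions(mbr):
    """Return the four partition-table entries; unused slots have type 0."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PARTITION_ENTRY, mbr, PARTITION_TABLE_OFF + 16 * i)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors,
                        "byte_offset": lba_start * SECTOR_SIZE})
    return entries


def inspect_mbr(mbr, known_good_code_md5=None):
    """Report the facts a bootkit check looks at.  known_good_code_md5 is an
    optional baseline digest of the boot code recorded while the machine was
    known clean (an assumption of this example, not something the tool exposes)."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    report = {
        "signature_ok": mbr[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_sector_md5": hashlib.md5(mbr).hexdigest(),
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parse_partitions(mbr),
    }
    active = [p for p in report["partitions"] if p["bootable"]]
    # The log's "\\.\C: -> \\.\PhysicalDrive0 at offset 0x7e00" is this value
    report["boot_partition_offset"] = active[0]["byte_offset"] if active else None
    if known_good_code_md5 is not None:
        report["boot_code_matches_baseline"] = (
            report["boot_code_md5"] == known_good_code_md5)
    return report


def compare_to_baseline(clean_mbr, current_mbr):
    """A bootkit typically replaces the boot code but leaves the partition
    table intact so Windows still starts; flag exactly that pattern."""
    clean, current = inspect_mbr(clean_mbr), inspect_mbr(current_mbr)
    return {
        "partition_table_unchanged": clean["partitions"] == current["partitions"],
        "boot_code_changed": clean["boot_code_md5"] != current["boot_code_md5"],
    }


def build_sample_mbr(boot_code_fill):
    """Constructed sample image: one active NTFS partition starting at LBA 63
    (byte offset 0x7E00, as in the log above).  The boot code is a fill byte
    standing in for real code, which this example does not embed."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[:BOOT_CODE_LEN] = bytes([boot_code_fill]) * BOOT_CODE_LEN
    # status 0x80 (active), type 0x07 (NTFS), LBA 63, about 37 GB of sectors
    struct.pack_into(PARTITION_ENTRY, mbr, PARTITION_TABLE_OFF,
                     0x80, 0x07, 63, 77_594_624)
    mbr[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    clean = build_sample_mbr(0x00)
    baseline = inspect_mbr(clean)["boot_code_md5"]
    suspect = build_sample_mbr(0x90)     # same table, different boot code
    print(inspect_mbr(suspect, known_good_code_md5=baseline))
    print(compare_to_baseline(clean, suspect))
```

On a real machine the 512-byte image would come from a raw read of the physical disk while it is offline or from a forensic image, and the baseline digest from a capture taken before the infection.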

Re: Win32 on XP
Good.

How is the computer running now?

Re: Win32 on XP
Good Monday morning DragonMaster Jay,
I started up the computer this morning and it was even slower than yesterday. I pulled up the Windows Task Manager and at the top of Applications was a program that looks like the Windows Live Messenger icon, yet a little different, with the title of 'xxx'. This is the same program that prompted us to run the ESET scanner 2 weeks ago and thus find a variety of Win32 viruses. I gather this virus is back?
What do we do next?
Thanks for your continued help
*********
(note) After posting this I went back to the desktop and it still won't open the Firefox browser. It is listed as non-responsive. I also cannot close the browser. After a while it finally closed and then I was able to end the "xxx" task as well. Clearly, something is going on....


Re: Win32 on XP
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Re: Win32 on XP
These are the OTL logs.

OTL logfile created on: 08/24/2010 5:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\David and Marla\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

479.00 Mb Total Physical Memory | 253.00 Mb Available Physical Memory | 53.00% Memory free
874.00 Mb Paging File | 607.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 12.63 Gb Free Space | 33.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRITSCH
Current User Name: David and Marla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/24 16:58:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
PRC - [2010/07/24 11:48:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/05/28 07:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/07 10:37:36 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdmcoms.exe
PRC - [2006/03/09 04:03:56 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/06/18 10:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\system32\ScsiAccess.EXE
PRC - [2002/09/13 15:57:43 | 000,046,592 | ---- | M] (Avance Logic, Inc.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/24 16:58:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/03/26 14:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/01 12:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/07 10:37:36 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device)
SRV - [2007/12/07 10:37:27 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/06/18 10:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\combo-fix\catchme.sys -- (catchme)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/01/26 22:09:40 | 000,068,954 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2006/03/09 21:26:14 | 000,245,248 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/03/09 04:25:30 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/07/04 08:52:50 | 000,018,432 | ---- | M] (First 4 Internet) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\$sys$cor.sys -- ($sys$cor)
DRV - [2005/07/04 06:51:37 | 000,011,904 | ---- | M] (First 4 Internet) [Kernel | System | Running] -- C:\WINDOWS\system32\$sys$filesystem\crater.sys -- ($sys$crater)
DRV - [2004/08/04 01:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/18 10:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 10:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 10:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 10:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 10:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 10:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2002/09/13 15:55:13 | 000,659,356 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/07/10 18:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/09/28 11:52:04 | 000,027,008 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGP.sys -- (sisagp)
DRV - [2001/08/17 16:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 26 1F 2A 73 3C CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}:1.8.62
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/22 11:01:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 13:12:29 | 000,000,000 | ---D | M]

[2008/10/15 10:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Extensions
[2010/08/24 12:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions
[2010/05/28 17:12:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/18 13:23:56 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/02/17 12:25:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/30 20:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
[2009/09/22 14:48:44 | 000,000,000 | ---D | M] (iFox) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2006/11/24 21:30:26 | 000,000,000 | ---D | M] (rubyFox) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{b31ac1df-926d-44b1-aeeb-8c732e0b9b1e}
[2009/01/18 20:35:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2006/11/24 21:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\{e8cba685-830c-1283-6314-a6ae605cc7be}
[2010/04/13 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\extensions\personas@christopher.beard
[2009/09/01 18:03:02 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\searchplugins\bing.xml
[2009/07/19 10:00:10 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\David and Marla\Application Data\Mozilla\Firefox\Profiles\luomhhjy.default\searchplugins\bleach-wiki-en.xml
[2010/08/24 12:34:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/08 19:30:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/08 19:29:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/10/16 13:01:15 | 000,221,184 | ---- | M] (Virtools SA) -- C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll

O1 HOSTS File: ([2010/08/18 15:39:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Cookienator] C:\Program Files\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - Startup: C:\Documents and Settings\David and Marla\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134862168015 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David and Marla\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David and Marla\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/18 00:24:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JDCT - C:\WINDOWS\System32\jl_jdct.drv (JEILIN Tech.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/24 16:58:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
[2010/08/21 17:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/08/19 16:22:34 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Documents and Settings\David and Marla\Desktop\remover.exe
[2010/08/19 15:34:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/18 15:19:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/18 11:25:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/18 11:25:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/18 11:25:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/18 11:25:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/18 11:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/18 11:23:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/17 13:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/17 13:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/04/22 19:06:22 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
[2009/04/22 19:06:21 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
[2009/04/22 19:06:21 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
[2009/04/22 19:06:21 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
[2009/04/22 19:06:21 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
[2009/04/22 19:06:21 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
[2009/04/22 19:06:21 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
[2009/04/22 19:06:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
[2009/04/22 19:06:20 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
[2009/04/22 19:06:19 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
[2009/04/22 19:06:19 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[21 C:\Documents and Settings\David and Marla\My Documents\*.tmp files -> C:\Documents and Settings\David and Marla\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/24 16:58:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David and Marla\Desktop\OTL.exe
[2010/08/24 14:53:09 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\S.P.E.A.R.doc
[2010/08/24 12:14:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\David and Marla\My Documents\~$P.E.A.R.doc
[2010/08/24 11:18:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/24 10:45:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/24 10:44:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 10:43:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 10:43:57 | 502,849,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 23:38:07 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\David and Marla\NTUSER.DAT
[2010/08/23 23:38:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David and Marla\ntuser.ini
[2010/08/23 19:42:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/22 23:01:08 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\Living on a paryer..doc
[2010/08/21 15:22:48 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\Cookienator.lnk
[2010/08/20 11:10:23 | 000,000,056 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\remove.bat
[2010/08/19 16:21:53 | 000,036,833 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\bootkit_remover.rar
[2010/08/19 15:36:14 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\David and Marla\Desktop\MBRCheck.exe
[2010/08/18 15:39:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/18 15:39:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/18 15:19:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/18 11:24:29 | 003,819,088 | R--- | M] () -- C:\Documents and Settings\David and Marla\Desktop\combo-fix.exe
[2010/08/15 20:06:24 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\falling angels.doc
[2010/08/12 12:32:35 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 11:38:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\David and Marla\My Documents\~$rvest moon ToT.doc
[2010/08/12 11:29:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 11:26:49 | 000,000,783 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/12 11:19:20 | 000,505,774 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 11:19:20 | 000,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 11:19:20 | 000,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 23:11:19 | 000,518,656 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\Letters in timed.doc
[2010/08/10 22:03:25 | 000,165,836 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\cr 003.jpg
[2010/08/10 22:02:44 | 000,199,533 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\cr 002.jpg
[2010/08/10 22:01:52 | 000,186,995 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\cr 001.jpg
[2010/08/10 21:59:31 | 000,215,668 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\cr.jpg
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/08/09 23:12:50 | 004,291,912 | -H-- | M] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\IconCache.db
[2010/08/09 14:27:47 | 000,297,984 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\Harvest moon ToT.doc
[2010/08/08 14:02:34 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 17:44:48 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\David and Marla\My Documents\~$ving on a paryer..doc
[2010/08/01 10:41:03 | 000,011,057 | ---- | M] () -- C:\Documents and Settings\All Users\lxdm
[2010/08/01 10:39:25 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\old folksjuly2010.xls
[2010/07/29 18:08:15 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\David and Marla\My Documents\Darkblood.doc
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[21 C:\Documents and Settings\David and Marla\My Documents\*.tmp files -> C:\Documents and Settings\David and Marla\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 12:14:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\David and Marla\My Documents\~$P.E.A.R.doc
[2010/08/21 17:53:17 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\David and Marla\My Documents\S.P.E.A.R.doc
[2010/08/20 11:10:23 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\remove.bat
[2010/08/19 16:22:03 | 000,036,833 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\bootkit_remover.rar
[2010/08/19 15:36:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\David and Marla\Desktop\MBRCheck.exe
[2010/08/18 15:19:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/18 15:19:21 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/18 11:25:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/18 11:25:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/18 11:25:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/18 11:25:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/18 11:25:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/18 11:19:29 | 003,819,088 | R--- | C] () -- C:\Documents and Settings\David and Marla\Desktop\combo-fix.exe
[2010/08/12 11:38:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\David and Marla\My Documents\~$rvest moon ToT.doc
[2010/08/10 22:03:06 | 000,165,836 | ---- | C] () -- C:\Documents and Settings\David and Marla\My Documents\cr 003.jpg
[2010/08/10 22:02:26 | 000,199,533 | ---- | C] () -- C:\Documents and Settings\David and Marla\My Documents\cr 002.jpg
[2010/08/10 21:59:59 | 000,186,995 | ---- | C] () -- C:\Documents and Settings\David and Marla\My Documents\cr 001.jpg
[2010/08/10 21:59:12 | 000,215,668 | ---- | C] () -- C:\Documents and Settings\David and Marla\My Documents\cr.jpg
[2010/08/07 21:06:35 | 000,518,656 | ---- | C] () -- C:\Documents and Settings\David and Marla\My Documents\Letters in timed.doc
[2010/08/02 17:44:48 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\David and Marla\My Documents\~$ving on a paryer..doc
[2010/08/01 10:39:25 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\David and Marla\My Documents\old folksjuly2010.xls
[2009/12/14 21:41:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\prvlcl.dat
[2009/08/21 10:54:05 | 000,018,885 | ---- | C] () -- C:\WINDOWS\System32\acylowi.dll
[2009/08/21 10:54:05 | 000,018,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ymysad._sy
[2009/08/21 10:54:05 | 000,017,451 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\jypu.bin
[2009/04/22 19:11:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
[2009/04/22 19:11:12 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
[2009/04/22 19:10:19 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
[2009/04/22 19:10:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
[2009/04/22 19:10:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
[2009/04/22 19:09:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL
[2009/04/22 19:09:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL
[2009/04/22 19:09:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll
[2009/04/22 19:06:39 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini
[2009/04/22 19:06:22 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
[2009/04/22 19:06:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
[2008/12/25 12:32:57 | 000,095,496 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/12/25 12:32:31 | 000,081,418 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/12/08 12:10:33 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\TVModeLib.dll
[2008/12/08 12:10:33 | 000,034,915 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2008/12/08 12:10:33 | 000,016,819 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2008/12/08 12:08:51 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2008/12/04 11:06:55 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk5.ini
[2008/09/29 09:00:49 | 000,000,638 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2008/09/29 08:54:02 | 000,000,011 | ---- | C] () -- C:\WINDOWS\mathadv.ini
[2008/09/29 08:53:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/03/30 14:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2006/03/01 13:56:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/03/01 13:56:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/03/01 13:56:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/02/08 16:55:40 | 000,001,016 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/01/26 13:04:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/26 19:19:54 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\fusioncache.dat
[2005/12/26 18:11:50 | 000,003,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/18 22:53:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/18 11:17:28 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/12/17 20:29:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\David and Marla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/28 20:27:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/18 00:37:08 | 000,000,795 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/18 00:04:22 | 000,001,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/17 17:10:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/09/17 17:10:14 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/09/17 17:10:14 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/29 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/08/29 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/29 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/29 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/29 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/08/29 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/29 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/29 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/29 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/29 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 01:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 01:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 01:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 01:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 01:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2003/06/18 10:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/05/02 23:38:35 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdmdrpp.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2008/12/08 10:55:28 | 000,006,129 | ---- | M] () -- C:\0x0409.ini
[2009/10/19 15:28:24 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2002/09/18 00:24:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/01/02 11:04:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/18 15:19:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/18 16:05:22 | 000,015,788 | ---- | M] () -- C:\ComboFix.txt
[2002/09/18 00:24:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/08 10:55:32 | 002,516,480 | ---- | M] () -- C:\Driver Detective.msi
[2009/10/11 18:50:01 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt
[2010/05/07 06:08:48 | 000,035,774 | ---- | M] () -- C:\EasyShare.dmp
[2009/01/23 15:01:42 | 000,005,113 | ---- | M] () -- C:\hel.exe
[2010/08/24 10:43:57 | 502,849,536 | -HS- | M] () -- C:\hiberfil.sys
[2002/09/18 00:24:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/23 10:16:39 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2002/09/18 00:24:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/01/02 10:54:20 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/11 10:17:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/24 16:37:59 | 490,733,568 | -HS- | M] () -- C:\pagefile.sys
[2010/01/02 00:43:44 | 000,200,192 | ---- | M] () -- C:\Part.doc
[2010/05/23 10:10:41 | 000,000,404 | ---- | M] () -- C:\rkill.log
[2008/12/08 10:55:28 | 000,002,389 | ---- | M] () -- C:\Setup.INI
[2008/12/08 10:55:28 | 000,283,607 | ---- | M] () -- C:\setup.isn
[2010/06/08 17:13:27 | 000,061,504 | ---- | M] () -- C:\silver.jpg
[2008/12/08 12:10:27 | 000,000,094 | ---- | M] () -- C:\SiSSetup.txt
[2008/12/08 12:10:27 | 000,002,389 | ---- | M] () -- C:\SiSSetup1.ini
[2008/12/08 12:10:27 | 000,000,000 | ---- | M] () -- C:\SiSUnist.ini
[2008/12/07 07:55:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/12/08 08:02:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/22 08:15:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/23 00:13:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/24 06:15:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/08 06:31:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/09 08:28:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/23 16:32:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/23 16:32:11 | 000,000,148 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/11/16 08:36:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/12/01 06:04:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/12/01 12:36:41 | 000,000,172 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/12/01 12:41:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/12/01 16:55:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/12/02 06:33:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/12/03 09:26:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/12/04 09:55:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/05 06:17:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/06 07:54:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/06 07:54:26 | 000,000,136 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/12/07 07:55:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/12/08 08:02:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/22 08:15:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/23 00:13:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/24 06:15:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/08 06:31:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/09 08:28:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/23 16:32:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/23 16:32:11 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/11/16 08:36:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/12/01 06:04:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/12/01 12:36:41 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/12/01 12:41:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/12/01 16:55:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/12/02 06:33:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/12/03 09:26:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/12/04 09:55:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/05 06:17:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/06 07:54:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/06 07:54:25 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/01/03 12:59:31 | 000,000,162 | -H-- | M] () -- C:\~$Part.doc

< %PROGRAMFILES%\*. >
[2009/04/22 19:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010/06/11 13:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/05/23 13:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/07/07 12:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2010/06/08 20:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/15 16:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/12/11 17:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/05/23 13:48:14 | 000,000,000 | ---D | M] -- C:\Program Files\Barbie(R) idesign(TM) Ultimate Stylist(TM)
[2010/06/08 13:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\BillP Studios
[2009/12/24 06:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2009/12/15 17:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Circle Developement
[2010/08/18 15:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2002/09/18 00:19:42 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/08 13:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Cookienator
[2010/05/02 18:41:02 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
[2009/04/13 22:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2008/09/25 22:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive
[2009/10/20 05:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\Dvd Ref
[2006/08/16 18:57:56 | 000,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
[2010/04/28 11:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\Edu-Track
[2010/05/21 11:41:41 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/05/08 18:51:27 | 000,000,000 | ---D | M] -- C:\Program Files\Flex Designs, Ltd
[2010/06/10 22:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/23 14:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/12/23 18:38:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/08/12 11:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/08 19:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/12/25 11:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\JL2005C
[2008/11/28 08:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2009/04/29 18:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 5000 Series
[2009/05/09 06:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/02/25 10:45:07 | 000,000,000 | ---D | M] -- C:\Program Files\Lucas Learning
[2010/08/21 17:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010/05/23 10:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/11 10:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/19 11:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2008/09/28 22:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\MessengerPlus! 3
[2009/02/21 08:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/01/26 13:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/09/29 03:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2002/09/18 00:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/12/23 12:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2006/01/26 13:01:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/09/01 17:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/04/22 10:51:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office2K
[2009/02/21 08:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/01/23 18:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2006/01/26 13:01:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2006/02/10 11:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/01/26 13:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 11:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/08/13 11:45:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/22 00:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2005/12/13 22:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2002/09/18 00:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/18 11:13:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/11 10:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/11/27 07:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Norton AntiVirus
[2010/05/23 14:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2009/01/18 20:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2002/09/18 00:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 11:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/17 13:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/22 00:02:11 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/08 13:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2008/12/08 12:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\SiS Compatible VGA V2.22
[2008/12/25 12:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\SiS VGA Utilities V3.73
[2008/12/25 12:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\sisagp
[2002/09/28 19:58:51 | 000,000,000 | ---D | M] -- C:\Program Files\SiSLan
[2008/12/08 12:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\SiSVGA
[2006/07/13 23:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 7
[2009/04/22 10:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2010/08/15 11:54:32 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/03/07 09:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Stamps.com Internet Postage
[2009/08/22 10:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\SuperAdBlocker.com
[2010/06/07 11:56:07 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/07/13 11:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Teaching Textbooks
[2002/09/18 00:35:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/10/16 13:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Virtools
[2009/09/01 17:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/01/23 18:48:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/01/23 18:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2010/05/23 18:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/05/23 18:50:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/11 10:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/12/14 16:21:49 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/05/08 18:42:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/12/01 12:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2002/09/18 00:25:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/07/02 13:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/11/26 11:21:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2002/09/17 17:11:36 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\David and Marla\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys


< MD5 for: ATAPI.SYS >
[2002/08/29 15:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 08:00:00 | 010,158,890 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 15:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2002/08/29 08:00:00 | 010,158,890 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:disk.sys
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/08/29 15:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2002/08/29 08:00:00 | 010,158,890 | R--- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:usbstor.sys
[2006/01/02 10:47:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/11/11 10:07:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 02:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 15:32:01

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Win32 on XP

Here are the Extra logs.

OTL Extras logfile created on: 08/24/2010 5:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\David and Marla\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

479.00 Mb Total Physical Memory | 253.00 Mb Available Physical Memory | 53.00% Memory free
874.00 Mb Paging File | 607.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 12.63 Gb Free Space | 33.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRITSCH
Current User Name: David and Marla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] --

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
"C:\WINDOWS\system32\lxdmcoms.exe" = C:\WINDOWS\system32\lxdmcoms.exe:*:Enabled:5000 Series Server -- ( )
"C:\Program Files\Lexmark 5000 Series\lxdmmon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 5000 Series\lxdmFax.exe" = C:\Program Files\Lexmark 5000 Series\lxdmFax.exe:*:Enabled:Fax Solutions Software -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark 5000 Series\frun.exe" = C:\Program Files\Lexmark 5000 Series\frun.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{091D12F7-A074-4AFE-8401-072E8494D873}" = Clouded Horizons Character Creation Utility
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{334396FB-DF73-45A7-94FD-0C576FA87B32}" = Edu-Track Home School
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB79F660-2822-11D5-B232-0050DACD394D}" = Disney's Phonics Quest
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"ESET Online Scanner" = ESET Online Scanner v3
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{334396FB-DF73-45A7-94FD-0C576FA87B32}" = Edu-Track Home School
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Lexmark 5000 Series" = Lexmark 5000 Series
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math 6 Teaching Textbook" = Math 6 Teaching Textbook
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3 & Sponsor
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Secunia PSI" = Secunia PSI
"SiS 650_651_M650_M652_740" = SiS 650_651_M650_M652_740
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Stamps.com" = Stamps.com
"Star Wars DroidWorks" = Star Wars DroidWorks
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/13/2010 11:01:48 AM | Computer Name = FRITSCH | Source = Application Hang | ID = 1002
Description = Hanging application WinPatrolEx.exe, version 18.1.2010.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/15/2010 8:02:23 AM | Computer Name = FRITSCH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 08/15/2010 8:02:23 AM | Computer Name = FRITSCH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 08/16/2010 10:27:33 AM | Computer Name = FRITSCH | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 08/17/2010 8:56:11 AM | Computer Name = FRITSCH | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/17/2010 12:17:47 PM | Computer Name = FRITSCH | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 08/21/2010 8:58:06 PM | Computer Name = FRITSCH | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/23/2010 10:06:42 AM | Computer Name = FRITSCH | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 08/24/2010 4:04:32 PM | Computer Name = FRITSCH | Source = Application Hang | ID = 1002
Description = Hanging application spywareblaster.exe, version 4.3.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/24/2010 4:04:53 PM | Computer Name = FRITSCH | Source = Application Hang | ID = 1002
Description = Hanging application spywareblaster.exe, version 4.3.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 08/22/2010 11:13:21 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep SABKUTIL

Error - 08/23/2010 9:39:22 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 08/23/2010 9:39:22 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService
service to connect.

Error - 08/23/2010 9:39:22 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7000
Description = The lxdmCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 08/23/2010 9:39:24 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep SABKUTIL

Error - 08/23/2010 7:46:17 PM | Computer Name = FRITSCH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.10.103 for the Network Card with network
address 0008A17B9ACA has been denied by the DHCP server 192.168.10.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08/24/2010 10:44:51 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 08/24/2010 10:44:51 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService
service to connect.

Error - 08/24/2010 10:44:51 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7000
Description = The lxdmCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 08/24/2010 10:44:53 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep SABKUTIL


< End of report >
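The event extract above is plain text with a fixed header layout, so a helper can triage it instead of reading it entry by entry. The following is an added example of mine, not OTL's code and not something from this thread: it parses entries of this shape into records, tallies repeated Source/ID pairs, and lists the driver names carried by the Service Control Manager 7026 entries. The sample text is copied from the log above; the regular expression is my assumption about the line layout, based only on these lines.

```python
import re
from collections import Counter

# Constructed sample: four entries copied from the "System Events" section posted above.
SAMPLE_LOG = """\
Error - 08/22/2010 11:13:21 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep SABKUTIL

Error - 08/23/2010 9:39:22 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 08/23/2010 7:46:17 PM | Computer Name = FRITSCH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.10.103 for the Network Card with network
address 0008A17B9ACA has been denied by the DHCP server 192.168.10.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08/23/2010 9:39:24 AM | Computer Name = FRITSCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep SABKUTIL
"""

# Header layout assumed from the lines above:
# "<Level> - <date time> | Computer Name = <host> | Source = <source> | ID = <n>"
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"\| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)


def parse_otl_events(text):
    """Return one dict per entry: level, when, host, source, id (int), description.

    An entry is a header line plus every following non-blank line; the
    'Description = ' prefix is stripped and wrapped lines are joined with spaces.
    """
    events = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
            continue
        if not line.strip():
            current = None          # a blank line closes the entry
            continue
        if current is not None:
            piece = line.strip()
            if piece.startswith("Description = "):
                piece = piece[len("Description = "):]
            current["description"] = (current["description"] + " " + piece).strip()
    return events


def count_by_source_id(events):
    """Tally (source, id) pairs; the repeats are the ones worth following up."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_boot_drivers(events):
    """Driver names listed in Service Control Manager event 7026 entries."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            _, _, tail = e["description"].partition("failed to load:")
            names.update(tail.split())
    return sorted(names)


if __name__ == "__main__":
    evts = parse_otl_events(SAMPLE_LOG)
    for (src, eid), n in count_by_source_id(evts).most_common():
        print(f"{n:2d} x  {src} / {eid}")
    print("drivers failing to load:", ", ".join(failed_boot_drivers(evts)))
```

The point of the tally is that a one-off error says little, while the same driver failing to load at every boot, or the same service timing out every morning, is a pattern to look up and explain before declaring a machine clean.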

Re: Win32 on XP

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Re: Win32 on XP
    this is it

    Running from: C:\Documents and Settings\David and Marla\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\David and Marla\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...

    Finished!

Re: Win32 on XP
    Dragonmaster Jay,
    I wanted to let you know about this...we have 2 desktop computers and 2 laptop computers. All 4 have the msn live. Just today, three of the computers were being used with the msn live. The desktop you are working on is the only one that has this msn live icon with the three xxx on the task manager screen. The other two do not. When my son and I canceled the live icon with the three xxx on it, it closed his msn line. I don't know if this has anything to do with the computer and its issues, but I thought it was worth mentioning.
    thanks

    brick

    8/26/10 Thursday 8:54 am...booted up desktop and after 10 minutes it still will not open any browsers. Also tried to open secunia, it won't completely open it and won't let me close it either.

Re: Win32 on XP
    I would say it was doing a triple chat, but I am not sure about that part.

    Please use Internet Explorer and run a BitDefender Online scan

    • Please check I agree with the Terms and Conditions and click Start Here
    • You will need to allow an Active X install for the scan to run.
    • Leave the scanning options at default and click Start Scan
    Please post the results in your next reply.

Re: Win32 on XP
    Dragonmaster Jay,
    here is the report from the scan.
    As to the other topic on the triple x msn icon running in the task manager window; I don't think the fact that three people were chatting had anything to do with it, because when starting the computer in the morning it is already running on the task manager window with no one chatting, much less the msn live accounts even signed in. No, I feel this is something that should not be there, especially considering none of the other three computers have such an item running but do have the live msn. Just a thought.....

    thanks

    brick

    BitDefender Online Scanner

    Scan report generated at: Thu, Aug 26, 2010 - 18:13:24
    Scan path: A:\;C:\;D:\;

    Statistics
    Time: 01:30:28
    Files: 213682
    Folders: 7164
    Boot Sectors: 0
    Archives: 11792
    Packed Files: 9022

    Results
    Identified Viruses: 1
    Infected Files: 1
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 1

    Engines Info
    Virus Definitions: 6271642
    Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 18 2010)
    Scan plugins: 18
    Archive plugins: 44
    Unpack plugins: 10
    E-mail plugins: 6
    System plugins: 4

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status
    C:\System Volume Information\_restore{FF8DE937-E04B-4680-8F88-61226D7E946D}\RP893\A0200074.sys / Infected with: Rootkit.38920
    C:\System Volume Information\_restore{FF8DE937-E04B-4680-8F88-61226D7E946D}\RP893\A0200074.sys / Deleted

Re: Win32 on XP
    Save these instructions so you can have access to them while in Safe Mode.

    Please click here to download AVP Tool by Kaspersky.
    • Save it to your desktop.
    • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • Double click the setup file to run it.
    • Click Next to continue.
    • Accept the License agreement and click on next.
    • It will, by default, install it to your desktop folder. Click Next.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked.
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)
    Leave the rest of the settings as they appear as default.
    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all
    • If it says it cannot be neutralized then choose the delete option when prompted.
    • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
    • Save it somewhere convenient like your desktop, and post only the detected virus\malware entries from the report (they will be at the very top, under Detected) in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Win32 on XP
    Dragonmaster Jay,
    Just finished the scan. The only thing that popped up half way through the scan was a small box that said "detected: killdrv.exe/killdrv.img.password protected"

    When the scan finished my son and I displayed the report, but for the life of us we can not figure out a way to save it and copy it, there is no place to select or save. The only line on the report says:
    " Autoscan: completed 13 minutes ago (events: 150218, objects: 147476, time: 02:17:24)"

    Now the computer is frozen in safe mode. We can not close the report. At this point I am going to bring up the task manager and close it.
    We are also going to reboot the computer out of safe mode until we hear from you next.
    *************
    Computer booted up in regular mode, the report came up on screen, still no way to copy report but I have minimized it for further reference.

    thanks

    brick


    Last edited by brick on 28th August 2010, 12:49 am; edited 1 time in total (Reason for editing : more information)

Re: Win32 on XP
    Take a screenshot of infected results, if possible.

Re: Win32 on XP
    Sorry Dragonmaster Jay,
    By the time we got your message, it was the next day....screen shot is not possible.

    On a side note, I discovered why the desktop has this messenger live icon with three xxx's.. apparently this desktop has the messenger live plus rather than just the messenger live.

    brick


    Last edited by brick on 30th August 2010, 12:42 pm; edited 1 time in total (Reason for editing : more information)

Re: Win32 on XP
    Remove Messenger Plus, and let me know if that disappears.

Re: Win32 on XP
    Good afternoon Dragonmaster Jay,

    sorry for the delayed response, our internet service was out last night until this afternoon. (sigh) I just removed the messenger live plus from the desktop and sure enough the icon is now not running on the task manager window. ( that is good) also noted that when I restarted the computer it came up much faster and opened the malware program faster too. My oldest son informed me that messenger live plus is an add-on, and that the other computers do have the add-on, but none of the others had it running constantly....which furthers my belief that it was a problem on the desktop at hand.
    At this moment, it is removed from the desktop, desktop restarted, and now we are running a quick scan of malwarebytes....we are then going to redownload the messenger live plus and see what happens. Ideally we should not have it running constantly....if all goes well. I will get back to you after that is done...

    brick

Re: Win32 on XP
    Dragonmaster Jay,
    We finished the malware scan, a quick scan, and it only took 17 minutes, much faster than recently. We re-downloaded the windows live plus, restarted the computer, opened the windows live, closed it, opened it again, all the time checking the task manager window. At no time did the icon show up with the three xxx's. Again, furthering my belief there was a virus or something connected to what we had.
    What would you like us to do now?
    thanks!

    brick


    Last edited by brick on 31st August 2010, 7:02 pm; edited 1 time in total (Reason for editing : correct spelling)

Re: Win32 on XP
    Please do a scan with Kaspersky Online Scanner

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Note: If the scan freezes for more than 30 minutes, stop the scan, and report back to me.

Re: Win32 on XP
    Dragonmaster Jay,
    It is 7:30 am Wednesday. We started the Kaspersky scan yesterday afternoon. It took 3 hours to download the virus stuff, then it finally started scanning. At 11 pm last night it was at 82%. We went to bed. This morning it was still at 82%. I shut the computer down. I am going to attempt to re-run the scan this morning.

    brick

    8 am attempt number two....attempted to run the scan using firefox, it keeps giving me a message that the java internet service is interrupted....that happened yesterday so I used internet explorer...we had better luck but then again it did freeze...

    8:01 am just noted the part where it said if the scan freezes for more than 30 minutes to report back to you...will not attempt anymore scans until I hear from you....( I did see that yesterday, but have not yet had morning coffee...working at a disadvantage right now (smile))

    Last edited by brick on 1st September 2010, 12:02 pm; edited 2 times in total (Reason for editing : more information)

Re: Win32 on XP
    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

Re: Win32 on XP
    I believe this is it.

    C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\5\232ff0c5-5fd71aa1 multiple threats deleted - quarantined
    C:\Documents and Settings\David and Marla\Desktop\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{FF8DE937-E04B-4680-8F88-61226D7E946D}\RP899\A0200635.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{FF8DE937-E04B-4680-8F88-61226D7E946D}\RP899\A0200636.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{FF8DE937-E04B-4680-8F88-61226D7E946D}\RP917\A0203383.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined

Re: Win32 on XP
    Good morning Dragonmaster Jay,
    We posted the eset scan above last night around 10:30 pm, This morning we tried to boot up the computer and it is taking f o r e v e r! ( the actual computer booted up rather quickly but it seems to get stuck on the start up stuff and won't open the firefox browser) Then we get a script warning for something called Script:chrome://global/ content/global overlay.js:114....I don't know what that is...but it doesn't sound good...
    now another warning script: file:///C:Program%20File/mozilla%20firefox/compponent/storeage-mozstorage.js:1330.

    -----------------------
    ( it has now been 15 minutes of trying to open firefox...window task manager closed it all down but we still can not open the firefox...) getting a non responsive plug in warning. we had to shut it down completely and re boot it. It seems to be running in a circle of confusion.

    now a full 36 minutes have passed. I have shut computer down and rebooted and still it will not open firefox. It has never been so unresponsive....this is frustrating.
    ---------
    after 45 minutes I managed to open the winpatrol and look at the start up items. I canceled 2 Adobe speedlauncher programs and 1 windows live messenger and 1 windows messenger programs. Firefox finally came up. My son and I closed it down then relaunched it and it came up very quickly. I don't know if disabling those 4 programs made a difference or if the computer finally 'warmed up' enough to respond.

    thanks for your time and effort,

    brick

    Last edited by brick on 2nd September 2010, 12:53 pm; edited 4 times in total (Reason for editing : more information)

Re: Win32 on XP
    Messenger Live Plus has not had a good reputation for a long time. I would recommend removing it permanently.

Re: Win32 on XP
    Dragonmaster Jay,
    this morning (Saturday) the desktop is signed on, very slowly it came up and going from screen to screen is slow. then avast brought up a screen that said it detected a potential malicious file in a 'storesession'. ( at the time my daughter was on msn) The eset scan you had us run found 5 virus type stuff...what do we do next?

    thanks

    brick

Re: Win32 on XP
    Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

    • Double-click on drweb-cureit.exe to start the program.
      An Express Scan of your PC notice will appear.
    • Under Start the Express Scan Now, Click OK to start the scan.
      This is a short scan that will scan the files currently running in memory.
      If something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the Scan tab and UNcheck Heuristic analysis
    • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
    • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
    • When finished, a message will be displayed at the bottom advising if any viruses were found.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found.
      If so, click it, then click the next icon right below and select Move incurable.
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your Desktop.
    • Exit Dr.Web Cureit when you have finished.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Re: Win32 on XP
    Good morning Dragonmaster Jay,
    The scan took most of yesterday late afternoon and well into the night. But it ran and here is my attempt at using notepad to copy and paste the information. ( usually my oldest son helps me with that stuff) I remembered to reboot the computer first.

    thanks for the help

    brick

    f29bcdf-2abb006d\yahoo/InfoCtrl.class;C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-2abb006d;Java.Downloader.30;;
    f29bcdf-2abb006d\yahoo/InfoCtrl.class;C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-2abb006d;Java.Downloader.30;;
    f29bcdf-2abb006d;C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\31;Archive contains infected objects;Moved.;
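The pasted DrWeb.csv lines are semicolon-separated, and reading them side by side shows the column order: the object detected, the folder or archive it sits in, the detection name, and the action taken (empty for the class file inside the archive, "Moved." for the archive itself). As an added example, mine rather than Dr.Web's code or anything from this thread, here is a parser for that layout that collapses the repeated line, lists detections with no action of their own, and flags entries under the Java deployment cache. The sample input is the three lines above; the column names and the Java-cache heuristic are my assumptions.

```python
import csv
import io

# Constructed sample: the three lines brick pasted above, in the layout Dr.Web CureIt
# writes them (object;location;detection;action;), including the repeated line.
SAMPLE_REPORT = "\n".join([
    r"f29bcdf-2abb006d\yahoo/InfoCtrl.class;C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-2abb006d;Java.Downloader.30;;",
    r"f29bcdf-2abb006d\yahoo/InfoCtrl.class;C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-2abb006d;Java.Downloader.30;;",
    r"f29bcdf-2abb006d;C:\Documents and Settings\David and Marla\Application Data\Sun\Java\Deployment\cache\6.0\31;Archive contains infected objects;Moved.;",
])

# Column names are my reading of the posted lines, not Dr.Web's documented header.
FIELDS = ("object", "location", "detection", "action")
# Lower-cased fragment of the Java deployment cache path; a heuristic of mine, not Dr.Web's.
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_drweb_report(text):
    """Parse DrWeb.csv text into dicts keyed object/location/detection/action.

    Blank lines are skipped; exact repeats (as in the pasted report) collapse
    into one record whose 'count' field says how often the line appeared.
    """
    records = {}
    for raw in csv.reader(io.StringIO(text), delimiter=";"):
        if not any(raw):
            continue
        fields = (raw + [""] * len(FIELDS))[:len(FIELDS)]
        key = tuple(f.strip() for f in fields)
        if key in records:
            records[key]["count"] += 1
        else:
            records[key] = dict(zip(FIELDS, key), count=1)
    return list(records.values())


def unresolved(rows):
    """Detections with no action of their own, e.g. a member of an archive that was
    moved as a whole; check that the container really was handled."""
    return [r for r in rows if not r["action"]]


def in_java_cache(row):
    """True when the detection sits in the Java deployment cache (cached applets)."""
    return JAVA_CACHE in row["location"].lower()


def summarize(rows):
    """Map each detection name to the sorted locations it was reported in."""
    out = {}
    for r in rows:
        out.setdefault(r["detection"], set()).add(r["location"])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    rows = parse_drweb_report(SAMPLE_REPORT)
    for name, places in summarize(rows).items():
        print(name)
        for p in places:
            print("   ", p, "(Java cache)" if JAVA_CACHE in p.lower() else "")
    print("entries without an action:", len(unresolved(rows)))
```

Running it on the pasted report gives two records (the class-file line counted twice), one of them without an action, and both under the Java deployment cache, which is what a helper would want to know before deciding whether that cache should be cleared as part of the cleanup.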


Re: Win32 on XP
    Dragonmaster Jay,
    sorry for the delayed response, we had a situation with a skunk and two dogs that took up the last couple of days....at this time everyone reports that it seems to be running much better. Occasionally it seems to get stuck on loading a page, but much better at this point. I would like the kids to use it for a while to see if any situations pop up.
    again, thank you for your consistent help.....you have made this old computer a functioning 'member of the family' again.
    do you have any suggestions of anything we might do to help avoid this situation again?
    as a reminder we have currently avast, cookienator, psi, malware bytes and spyblaster.

    brick

Re: Win32 on XP
    Software recommendations

    Firewall

    • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
    • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
    • PC Tools Firewall Plus: free and excellent firewall.


    AntiSpyware

    • SpywareBlaster
      SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
    • Spybot - Search & Destroy.
      Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


    NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

    Resident Protection help
    A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

    Securing your computer

    • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


    Please consider using an alternate browser
    Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

    If you are interested:


    See this page for more info about malware and prevention.
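The hpHosts item above works because the resolver consults the HOSTS file before DNS, so a name listed there with 127.0.0.1 never leaves the machine. As an added example of mine, not hpHosts' or the forum's code, the block below parses a hosts file, answers whether a name is sunk to the local machine, and lists the names pointed at a real address, which is the check that matters when a HOSTS file may have been tampered with to redirect legitimate sites rather than block bad ones. The sample file content is constructed, the set of sink addresses is my convention for this example, and the Windows XP path is given as a default only.

```python
# Constructed sample hosts file; the hpHosts file uses the same layout with many more entries.
SAMPLE_HOSTS = """\
# constructed sample, not the real hpHosts list
127.0.0.1       localhost
127.0.0.1       ads.example.net          # constructed ad-serving host
127.0.0.1       bad.example.org www.bad.example.org
0.0.0.0         tracker.example.com
203.0.113.5     update.example.com       # constructed: a legitimate name pointed elsewhere
"""

# Addresses a blocking hosts file sinks names to (my convention for this example).
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
# Location of the hosts file on Windows XP.
WINDOWS_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"


def parse_hosts(text):
    """Map each hostname (lower-cased) to the address on its line.

    Comments (#) and blank lines are ignored; one line may carry several
    names; the first line naming a host is kept.
    """
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_blocked(mapping, hostname):
    """True if the hosts file sends hostname to the local machine instead of the
    network (note that localhost itself also lands here)."""
    return mapping.get(hostname.lower()) in SINK_ADDRS


def suspicious_entries(mapping):
    """Names mapped to a real (non-sink) address: the entries to review when a
    hosts file may have been altered to redirect legitimate sites."""
    return sorted(name for name, addr in mapping.items() if addr not in SINK_ADDRS)


def load_hosts(path=WINDOWS_HOSTS_PATH):
    """Read and parse the live hosts file (not called in the demo below)."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return parse_hosts(fh.read())


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "www.bad.example.org", "example.com"):
        print(f"{name}: {'blocked' if is_blocked(hosts, name) else 'not listed'}")
    print("entries pointing somewhere real:", suspicious_entries(hosts))
```

On a machine like the one in this thread, running suspicious_entries over the real file is a quick way to confirm that a HOSTS replacement only blocks and does not quietly redirect update or banking sites.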

Re: Win32 on XP
    Good morning Dragonmaster Jay,
    This is the first morning I got a chance to boot up the desktop and see how it started. I have had no reports from the kids as far as the computer running slow, but then again they tend to not tell me these things until it is really bad. The computer came up better, no freezing and was up and fully running at a good rate.
    So I decided to update the malwarebytes, avast, spyware blaster and run a defragmentor.....but during the malwarebytes avast popped up a message that a suspicious file was found in a 'sessions store'. I deleted it. but I know for a fact this is the second time the same type of file has come up. It sounds like something in a stored file or perhaps something to do with the dreaded msn live....In case you have forgotten, I did delete the Msn live and redownloaded it and we got rid of the 'xxx' running situation, but now we have this. AGAIN, I can't be sure it is the msn live. It is just what the kids use for live chatting.
    What do you think we should do now?
    Thank you for your patience on letting me get the kids to run with the computer for a bit to see what came up.

    OH, after re reading your post above, I do already use Firefox on all our computers...and have checked out many of suggestions and plan on using some, as soon as the issue is taken care of.

    brick

    Last edited by brick on 20th September 2010, 1:00 pm; edited 1 time in total (Reason for editing : more information)

Re: Win32 on XP
    If you feel that suspicious, I would recommend starting a new topic.

    I know that all malware is gone.

Re: Win32 on XP
    One more thing, this morning when my daughter brought the computer we got the same message from avast....I wrote it all out to get the exact message..." c:/documentsandsettings/davidandmarla/applicationdata/mozilla/firefox/profiles/luomhhjy.default/sessionstore-l.js"

    so this appears to be in the firefox stuff....any ideas? this seems to be the only thing at this point that is sticking out....otherwise we feel the computer is doing much much better. The fact that avast is finding this...is this good? and/or I should not try to find what the source is or let avast handle it? sorry...that was not worded well.

    thanks for all your help!

    brick
    :smile2:

    Last edited by brick on 21st September 2010, 6:19 pm; edited 1 time in total (Reason for editing : correct spelling)

Re: Win32 on XP
    c:/documents and settings/davidandmarla/application data/mozilla/firefox/profiles/luomhhjy.default/sessionstore-l.js

    That is a fake file. I would have it deleted.

Re: Win32 on XP
    I did delete it through avast, but that is the second time this message came up. is there some other place it is that I need to go to, to delete it also?

    brick

Re: Win32 on XP
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:

      :filefind
      sessionstore-l.js


    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Win32 on XP
    Ok dragonmaster Jay,
    here is the log.

    brick


    SystemLook 04.09.10 by jpshortstuff
    Log created at 18:36 on 22/09/2010 by David and Marla
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "sessionstore-l.js"
    No files found.

    -= EOF =-

Re: Win32 on XP
    As it says "No files found."

    If your antivirus pops up about that again, and there is an ignore button, click on Ignore.

Re: Win32 on XP
    Ok, thanks again for all your help Dragonmaster Jay. It has been years since the old computer ran this good.

    brick
