
Possible rootkit.0access infection


  • This topic is locked
65 replies to this topic

#21 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 15 January 2012 - 01:22 PM

Can you please delete OTL.exe on the desktop? If we need it, we shall redownload it to ensure we have the latest version.

Please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and depending on the system run GrantPerms.exe
  • Copy and paste the following in the quote box, don't include the word 'quote':

    c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\\Qoobox\BackEnv
    c:\\WINDOWS\system32\MRT.exe



  • Click Unlock. When it is done click "OK".
  • Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

In addition, can you try opening Malwarebytes Anti-Malware now and let me know if it will open?
Don't run a scan yet.

Edited by guestolo, 15 January 2012 - 01:24 PM.
included link to grantperms.exe

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#22 ba5852

ba5852

    Member

  • Members
  • PipPipPip
  • 81 posts

Posted 15 January 2012 - 01:45 PM

GrantPerms by Farbar
Ran by Bruce (administrator) at 2012-01-15 14:45:18

===============================================
\\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)


\\?\c:\\WINDOWS\system32\MRT.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

#23 guestolo


Posted 15 January 2012 - 01:49 PM

In addition, can you try opening Malwarebytes anti-malware now and let me know if it will open




#24 ba5852


Posted 15 January 2012 - 01:55 PM

Yes, Malwarebytes opened and I started running a "Quick Scan".

The scan completed successfully and did not find anything.

#25 guestolo


Posted 15 January 2012 - 02:00 PM

Did you update beforehand? I asked earlier that you not run a scan.
Wanted to make sure you updated before you ran it, and it might be a good idea to run a full system scan.
Post the log afterwards.



#26 ba5852


Posted 15 January 2012 - 03:21 PM

I reopened Malwarebytes. Did an update and ran a full system scan.

I found one item.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bruce :: AMD3300 [administrator]

1/15/2012 3:05:58 PM
mbam-log-2012-01-15 (15-05-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267865
Time elapsed: 1 hour(s), 11 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
F:\WINDOWS\SYSTEM\HLINK.DLL (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

#27 guestolo


Posted 15 January 2012 - 03:45 PM

I believe the only indication of infection by some tools now is false positives of hidden drivers from Alcohol 120%,
and possibly Daemon Tools, if you had it installed at one time. Did you?

Can you delete your copy of TDSSKiller.exe and also its text file it made in the C:\ folder?
Redownload it and run another scan and post the new log
http://support.kaspe.../tdsskiller.exe

Keep me informed how things are now running please



#28 ba5852


Posted 15 January 2012 - 03:51 PM

Forgot to mention that when you asked me to delete OTL.exe, in post #21, I was unable to.
I got the following error message:

Cannot delete OTL: Access is denied.
Make sure the disk is not full or write-protected
and that the file is not currently in use.

I just tried to delete it again now and it does the same thing.

#29 ba5852


Posted 15 January 2012 - 03:59 PM

I believe I did have Daemon Tools installed a long time ago.
I deleted TDSSKiller and the associated .txt file and then redownloaded it.

This is the new .txt file

16:57:04.0468 2544 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
16:57:04.0796 2544 ============================================================
16:57:04.0796 2544 Current date / time: 2012/01/15 16:57:04.0796
16:57:04.0796 2544 SystemInfo:
16:57:04.0796 2544
16:57:04.0796 2544 OS Version: 5.1.2600 ServicePack: 3.0
16:57:04.0796 2544 Product type: Workstation
16:57:04.0796 2544 ComputerName: AMD3300
16:57:04.0796 2544 UserName: Bruce
16:57:04.0796 2544 Windows directory: C:\WINDOWS
16:57:04.0796 2544 System windows directory: C:\WINDOWS
16:57:04.0796 2544 Processor architecture: Intel x86
16:57:04.0796 2544 Number of processors: 1
16:57:04.0796 2544 Page size: 0x1000
16:57:04.0796 2544 Boot type: Normal boot
16:57:04.0796 2544 ============================================================
16:57:05.0218 2544 Drive \Device\Harddisk0\DR0 - Size: 0x4C54C7E00, SectorSize: 0x200, Cylinders: 0x9BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
16:57:05.0250 2544 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2DC00, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000058
16:57:05.0421 2544 Initialize success
16:57:15.0875 2532 ============================================================
16:57:15.0875 2532 Scan started
16:57:15.0875 2532 Mode: Manual;
16:57:15.0875 2532 ============================================================
16:57:17.0687 2532 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
16:57:17.0687 2532 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
16:57:17.0687 2532 dtscsi ( LockedFile.Multi.Generic ) - warning
16:57:17.0687 2532 dtscsi - detected LockedFile.Multi.Generic (1)
16:57:21.0812 2532 sptd (1669769eb21ba54c217b2764a31b58d0) C:\WINDOWS\system32\Drivers\sptd.sys
16:57:21.0812 2532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 1669769eb21ba54c217b2764a31b58d0
16:57:21.0812 2532 sptd ( LockedFile.Multi.Generic ) - warning
16:57:21.0812 2532 sptd - detected LockedFile.Multi.Generic (1)
16:57:22.0765 2532 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
16:57:22.0765 2532 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
16:57:22.0765 2532 vaxscsi ( LockedFile.Multi.Generic ) - warning
16:57:22.0765 2532 vaxscsi - detected LockedFile.Multi.Generic (1)
16:57:23.0265 2532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:57:23.0437 2532 \Device\Harddisk0\DR0 - ok
16:57:23.0453 2532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:57:23.0609 2532 \Device\Harddisk1\DR1 - ok
16:57:23.0625 2532 Boot (0x1200) (2314995e85f23b8fd554933192813196) \Device\Harddisk0\DR0\Partition0
16:57:23.0625 2532 \Device\Harddisk0\DR0\Partition0 - ok
16:57:23.0656 2532 Boot (0x1200) (b0bace90a67378428fdc1cd3d096194e) \Device\Harddisk0\DR0\Partition1
16:57:23.0656 2532 \Device\Harddisk0\DR0\Partition1 - ok
16:57:23.0687 2532 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition2
16:57:23.0687 2532 \Device\Harddisk0\DR0\Partition2 - ok
16:57:23.0687 2532 Boot (0x1200) (4e418a58d367408e286c4310b75e2d34) \Device\Harddisk1\DR1\Partition0
16:57:23.0687 2532 \Device\Harddisk1\DR1\Partition0 - ok
16:57:23.0703 2532 ============================================================
16:57:23.0703 2532 Scan finished
16:57:23.0703 2532 ============================================================
16:57:23.0718 2552 Detected object count: 3
16:57:23.0718 2552 Actual detected object count: 3
16:57:35.0859 2552 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
16:57:35.0859 2552 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
16:57:35.0859 2552 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:57:35.0859 2552 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:57:35.0859 2552 vaxscsi ( LockedFile.Multi.Generic ) - skipped by user
16:57:35.0859 2552 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
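
Added example, not part of the original thread and not TDSSKiller's own code: a Python triage of a log in the format posted above. It separates objects the scanner reported as `Suspicious file (NoAccess)` from any other verdict and checks the parsed detections against the `Detected object count` line. The names `ScanObject`, `parse_log` and `triage` are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample in the format of the log above. The three warning entries and the MBR
# entry are copied from it; "exampledrv" and its all-zero hash are constructed.
SAMPLE_LOG = r"""
16:57:15.0875 2532 Scan started
16:57:16.0000 2532 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
16:57:16.0000 2532 exampledrv - ok
16:57:17.0687 2532 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
16:57:17.0687 2532 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
16:57:17.0687 2532 dtscsi ( LockedFile.Multi.Generic ) - warning
16:57:17.0687 2532 dtscsi - detected LockedFile.Multi.Generic (1)
16:57:21.0812 2532 sptd (1669769eb21ba54c217b2764a31b58d0) C:\WINDOWS\system32\Drivers\sptd.sys
16:57:21.0812 2532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 1669769eb21ba54c217b2764a31b58d0
16:57:21.0812 2532 sptd ( LockedFile.Multi.Generic ) - warning
16:57:22.0765 2532 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
16:57:22.0765 2532 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
16:57:22.0765 2532 vaxscsi ( LockedFile.Multi.Generic ) - warning
16:57:23.0265 2532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:57:23.0437 2532 \Device\Harddisk0\DR0 - ok
16:57:23.0718 2552 Detected object count: 3
16:57:35.0859 2552 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
16:57:35.0859 2552 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:57:35.0859 2552 vaxscsi ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line is "<time> <thread id> <message>"; the message may be empty.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+(?: (.*))?$")
ENTRY = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")        # name (md5) path
NOACCESS = re.compile(r"^Suspicious file \(NoAccess\): (.+)\. md5: ([0-9a-f]{32})$")
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (.+)$")           # name ( Verdict ) - state
OK = re.compile(r"^(.+) - ok$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""         # empty when the object was only ever reported "ok"
    unreadable: bool = False  # a "Suspicious file (NoAccess)" line named its path
    ok: bool = False
    action: str = ""          # value of "User select action: ...", if logged


def parse_log(text):
    """Return (objects in log order, reported detection count or None)."""
    objects, index, reported = [], {}, None

    def lookup(key):
        # "ok" lines name a service or a device path; entries are indexed by both.
        obj = index.get(key.lower())
        if obj is None:  # service listed without a file entry
            obj = index[key.lower()] = ScanObject(name=key)
            objects.append(obj)
        return obj

    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m or not m.group(1):
            continue
        msg = m.group(1).strip()
        if (e := ENTRY.match(msg)):
            obj = ScanObject(name=e.group(1), md5=e.group(2), path=e.group(3))
            objects.append(obj)
            index[obj.name.lower()] = index[obj.path.lower()] = obj
        elif (n := NOACCESS.match(msg)):
            lookup(n.group(1)).unreadable = True
        elif (v := VERDICT.match(msg)):
            obj = lookup(v.group(1))
            obj.verdict = v.group(2)
            if v.group(3).startswith("User select action: "):
                obj.action = v.group(3).split(": ", 1)[1]
        elif (o := OK.match(msg)):
            lookup(o.group(1)).ok = True
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))
    return objects, reported


def triage(objects, reported):
    """Split flagged objects into 'could not be read' and everything else."""
    flagged = [o for o in objects if o.verdict]
    return {
        # The scanner could not open these files, so the warning says nothing
        # about their content; each driver still has to be attributed by hand.
        "unreadable": [o.name for o in flagged if o.unreadable],
        "other": [o.name for o in flagged if not o.unreadable],
        # False also when the summary line is missing (truncated or edited log).
        "count_matches": reported == len(flagged),
    }


if __name__ == "__main__":
    objs, count = parse_log(SAMPLE_LOG)
    print(triage(objs, count))
```
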

#30 guestolo


Posted 15 January 2012 - 03:59 PM

Can you follow the instructions in my previous reply please
Thanks for the info, we'll deal with that in a bit



#31 guestolo


Posted 15 January 2012 - 04:23 PM

Let's clean up some tools
Properly uninstall ComboFix
Go to START>>RUN
Copy/paste the next command and then hit OK

ComboFix /uninstall

follow the prompts
If you didn't uninstall Eset online scanner
delete (esetsmartinstaller_enu.exe)
navigate to Eset folder C:\Program Files\EsetOnlineScanner
and run the uninstaller

Go ahead and manually delete TDSSKiller and its associated files/folder
Delete DDS and its reports
Delete Junction.zip and the file junction.exe in the Windows directory (C:\Windows)
Delete AntiZeroAccess and its log

run GrantPerms.exe
Copy and paste the following in the quote box, don't include the word 'quote':

c:\\Documents and Settings\Bruce\Desktop\OTL.exe


Click Unlock. When it is done click "OK".

Then go ahead and delete OTL.exe and GrantPerms.exe and logs

Let's uninstall old outdated Java products, they are insecure and open to infections
Close down all browser windows and access Add and Remove Programs and uninstall the following
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 13
Java™ 6 Update 3
Java™ 6 Update 7


Don't reboot if prompted, just carry on removing all versions/updates

Afterwards: download and save to desktop JavaRa from the following link
http://sourceforge.n...Ra.zip/download
Extract to its own folder
Open the folder and double click on JavaRa.exe
Choose 'English' then click "Select"
Under "Additional tasks" select the top 3 selections and also the bottom 2 selections
Then click GO
OK all the prompts, close the box afterwards
Ensure all browser windows are closed and choose "Remove older versions"

A log will open, you can just close it and delete JavaRa
In addition, remove
Viewpoint Media Player
It may have been preinstalled, or unintentionally installed

Reboot the computer
Back in Windows
Install the latest version of Sun Java from the following location:
http://www.java.com/...nload/index.jsp

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under "Extra Registry" ensure that 'Use Safelist' is selected
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
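
Added example, not part of guestolo's post or of any tool named in it: a small Python check that takes a list of installed program names and reports which Sun Java runtimes are older than a chosen baseline, so leftovers can be spotted after the removal steps above. The program list is constructed from the names in the post, and the baseline of Java 6 Update 30 is an assumption taken from the "Java Plug-in 1.6.0_30" entries in the OTL log that follows.

```python
import re

# Name formats for Sun Java runtimes, as they appear in the post and the log.
_PATTERNS = [
    # "J2SE Runtime Environment 5.0 Update 11"
    re.compile(r"^J2SE Runtime Environment (?P<major>\d+)\.0(?: Update (?P<update>\d+))?$"),
    # "Java(TM) 6 Update 13" or "Java™ 6 Update 13"
    re.compile(r"^Java(?:\(TM\)|™)? (?P<major>\d+)(?: Update (?P<update>\d+))?$"),
    # "Java Plug-in 1.6.0_30" or a bare "1.6.0_30"
    re.compile(r"^(?:Java Plug-in )?1\.(?P<major>\d+)\.0(?:_(?P<update>\d+))?$"),
]


def parse_java(name):
    """Return (major, update) for a Java runtime name, or None if it is not one."""
    name = name.strip()
    for pattern in _PATTERNS:
        match = pattern.match(name)
        if match:
            # A release with no "Update N" suffix is treated as update 0.
            return int(match.group("major")), int(match.group("update") or 0)
    return None


def outdated_runtimes(installed, baseline):
    """List (name, version) for every Java runtime older than baseline, oldest first."""
    found = []
    for name in installed:
        version = parse_java(name)
        if version is not None and version < baseline:
            found.append((name, version))
    return sorted(found, key=lambda item: item[1])


# Constructed sample input: the six entries named in the post, the freshly
# installed runtime, and one unrelated program that must be ignored.
INSTALLED = [
    "J2SE Runtime Environment 5.0 Update 11",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "Java™ 6 Update 13",
    "Java™ 6 Update 3",
    "Java™ 6 Update 7",
    "Java(TM) 6 Update 30",
    "Viewpoint Media Player",
]

# Assumed baseline: the plug-in version shown in the OTL log after reinstalling.
BASELINE = parse_java("Java Plug-in 1.6.0_30")

if __name__ == "__main__":
    for name, version in outdated_runtimes(INSTALLED, BASELINE):
        print("remove: %s (Java %d Update %d)" % (name, version[0], version[1]))
```
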


#32 ba5852


Posted 15 January 2012 - 06:15 PM

I completed everything on your list.
Here are the two logs you requested.
OTL logfile created on: 1/15/2012 7:03:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 281.27 Mb Available Physical Memory | 27.48% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.24 Gb Total Space | 75.06 Gb Free Space | 50.63% Space Free | Partition Type: NTFS
Drive F: | 6.29 Gb Total Space | 4.32 Gb Free Space | 68.70% Space Free | Partition Type: FAT32
Drive G: | 3.91 Gb Total Space | 0.27 Gb Free Space | 6.93% Space Free | Partition Type: NTFS

Computer Name: AMD3300 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 19:00:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
PRC - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/12/17 12:15:12 | 004,689,992 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2009/11/22 17:16:28 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1228527480\ee\aolsoftware.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/01 13:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/01 13:46:08 | 001,647,960 | ---- | M] (Seagate) -- C:\Program Files\Maxtor\ManagerApp\msssort.exe
PRC - [2008/04/01 13:46:02 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2005/04/01 12:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/03/10 01:56:32 | 000,405,504 | ---- | M] (ALi Corporation) -- C:\Program Files\ULI5289\ALi5289.exe
PRC - [2004/12/22 04:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/04/21 11:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2000/12/11 18:41:52 | 000,139,264 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/15 18:14:21 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
MOD - [2012/01/15 18:13:58 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2012/01/15 18:13:52 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2012/01/15 18:13:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2012/01/15 18:13:33 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
MOD - [2012/01/15 18:13:29 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/15 18:12:41 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2012/01/15 18:12:34 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2012/01/15 18:10:29 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
MOD - [2012/01/15 18:07:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/15 18:07:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/15 18:07:10 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2012/01/15 18:07:00 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2012/01/15 18:06:43 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2012/01/15 18:06:39 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2012/01/15 18:06:35 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/15 18:06:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/15 18:06:28 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/15 18:06:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/15 18:05:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/15 18:05:31 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/01/15 18:05:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/15 17:44:17 | 005,967,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012/01/15 17:44:17 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012/01/15 17:44:16 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012/01/15 17:44:16 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012/01/15 10:50:07 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2012/01/15 10:50:06 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2011/12/17 12:15:16 | 000,091,720 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\WINDOWS\system32\EasyHook32.dll
MOD - [2006/08/06 12:52:25 | 000,110,592 | ---- | M] () -- C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
MOD - [2006/04/18 17:15:22 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002/07/30 10:33:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WebrootSpySweeperService)
SRV - File not found [On_Demand | Stopped] -- -- (Norton AntiVirus Server)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (DefWatch)
SRV - [2011/12/17 12:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/04/01 13:46:22 | 000,161,120 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Services)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2005/04/01 12:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2004/04/21 11:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2012/01/15 17:23:30 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/14 00:23:28 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/01/13 16:28:14 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/01/13 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120114.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/13 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120114.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/23 22:17:32 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/05 10:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gidv2.sys -- (GIDv2)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/05/21 21:24:52 | 000,040,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2006/08/06 10:33:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2006/08/06 10:04:46 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/08/06 10:01:09 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/07/03 12:19:55 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/03 10:10:01 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2005/05/03 04:31:56 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\agpkx.sys -- (uliagpkx)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/22 04:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/30 21:49:18 | 000,051,840 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5289.sys -- (m5289)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2000/11/13 18:04:10 | 000,010,195 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...id=cgps01152012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/15 17:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2012/01/15 17:22:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 15:22:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 18:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/01/15 10:39:13 | 000,000,000 | ---D | M]

[2009/12/11 16:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Extensions
[2011/04/25 21:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9o218xc0.default\extensions
[2012/01/15 17:25:41 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9o218xc0.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2010/05/01 10:26:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9o218xc0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/01/15 18:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/15 18:56:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/13 15:11:21 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WHITE SKY, INC\ID VAULT\XPCOM6
[2012/01/15 18:55:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/15 17:48:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/02 15:22:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/15 18:55:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 15:22:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/01/14 23:38:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe (ALi Corporation)
O4 - HKLM..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe ()
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1228527480\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Seagate)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe (Streamware Development)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WheelMouse] Amoumain.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: Email Removed ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1151899614577 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C667E55-A13A-427B-9BB2-9028CB4ACB7E}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GIDLogonXP: DllName - (GIDLogonXP.dll) - C:\WINDOWS\System32\GIDLogonXP.dll (StrikeForce Technologies Inc)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/02 10:53:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/02/10 23:13:42 | 000,000,194 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2003/02/10 23:13:42 | 000,000,194 | ---- | M] () - F:\AUTOEXEC.BAK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 19:00:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2012/01/15 18:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/15 18:55:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/15 18:55:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/15 18:55:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/15 18:55:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/15 18:55:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/15 18:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/15 18:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Desktop\JavaRa
[2012/01/15 18:17:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/15 17:23:27 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2012/01/15 17:23:27 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2012/01/15 17:23:26 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2012/01/15 17:23:26 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2012/01/15 17:23:26 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2012/01/15 17:23:26 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2012/01/15 17:23:25 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2012/01/15 17:23:25 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2012/01/15 17:22:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2012/01/15 17:19:48 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/01/15 17:19:48 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/01/15 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/15 17:19:39 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/01/15 17:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2012/01/15 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2012/01/15 17:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
[2012/01/15 17:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/15 17:11:27 | 000,025,232 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\WINDOWS\System32\drivers\gidv2.sys
[2012/01/15 17:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\GID
[2012/01/15 17:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\SFT
[2012/01/15 17:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\CallingID
[2012/01/15 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
[2012/01/15 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2012/01/15 17:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\xfin_portal
[2012/01/15 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\xfin_portal
[2012/01/15 13:36:23 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2012/01/15 12:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\Temp
[2012/01/15 11:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\A4Tech Hardware
[2012/01/15 11:02:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\TFC.exe
[2012/01/15 10:56:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/15 10:49:02 | 000,000,000 | ---D | C] -- C:\e59a1f2380de95b036bcbb9eef27
[2012/01/15 10:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/14 23:25:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/14 23:22:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/14 12:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bruce\Start Menu\Programs\Administrative Tools
[2012/01/14 12:58:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2012/01/13 16:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\Tific
[2012/01/13 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/01/13 15:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012/01/13 15:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/01/13 15:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\My Documents\Symantec
[2012/01/13 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/01/13 15:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/01/13 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ID Vault
[2012/01/13 15:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/01/13 15:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Local Settings\Application Data\ID Vault
[2012/01/13 15:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce\Application Data\ID Vault
[2012/01/13 15:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Constant Guard Protection Suite
[2012/01/13 15:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/01/13 15:06:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/01/13 15:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/01/13 15:05:12 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2012/01/13 15:03:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/01/13 15:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc

========== Files - Modified Within 30 Days ==========

[2012/01/15 19:00:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\OTL.exe
[2012/01/15 18:55:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/15 18:55:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/15 18:55:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/15 18:55:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/15 18:55:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/15 18:51:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/15 18:51:31 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/15 18:50:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 18:40:28 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\JavaRa.zip
[2012/01/15 18:09:14 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/15 18:05:40 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/15 18:05:40 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/15 18:00:25 | 000,724,242 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2012/01/15 18:00:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/15 17:30:40 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/01/15 17:23:30 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/01/15 17:23:30 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/01/15 17:23:30 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/01/15 17:23:30 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/01/15 17:19:10 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Norton Installation Files.lnk
[2012/01/15 17:09:39 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/01/15 17:09:39 | 000,001,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Constant Guard.lnk
[2012/01/15 15:34:48 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Norton_Removal_Tool.exe
[2012/01/15 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/15 13:40:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\MBR.dat
[2012/01/15 13:36:40 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bruce\Desktop\aswMBR.exe
[2012/01/15 12:56:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/15 11:02:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce\Desktop\TFC.exe
[2012/01/15 10:43:27 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Bruce\Desktop\Microsoft Word.lnk
[2012/01/15 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/14 23:58:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/14 23:38:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/14 23:25:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/14 20:40:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/01/14 12:58:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce\Desktop\dds.scr
[2012/01/14 00:23:28 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/01/13 22:38:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/01/15 18:40:31 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\JavaRa.zip
[2012/01/15 18:07:43 | 000,115,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/01/15 17:29:32 | 000,724,242 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2012/01/15 17:23:27 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2012/01/15 17:23:26 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2012/01/15 17:23:26 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2012/01/15 17:23:26 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2012/01/15 17:23:26 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2012/01/15 17:23:26 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2012/01/15 17:23:26 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2012/01/15 17:23:26 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2012/01/15 17:23:26 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2012/01/15 17:23:25 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2012/01/15 17:23:25 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2012/01/15 17:23:25 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2012/01/15 17:23:25 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2012/01/15 17:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2012/01/15 17:22:49 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2012/01/15 17:19:48 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/01/15 17:19:48 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/01/15 17:19:45 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2012/01/15 17:19:10 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Norton Installation Files.lnk
[2012/01/15 17:09:39 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/01/15 17:09:39 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Constant Guard.lnk
[2012/01/15 17:09:39 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Constant Guard.lnk
[2012/01/15 15:34:50 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\Norton_Removal_Tool.exe
[2012/01/15 13:40:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bruce\Desktop\MBR.dat
[2012/01/15 10:39:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/14 23:25:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/14 23:25:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/13 23:42:26 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/01/13 22:38:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/04/27 21:48:39 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/04/26 08:19:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/26 08:19:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/06/12 16:32:16 | 000,104,456 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/02/24 15:21:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/02/24 15:19:58 | 000,000,048 | ---- | C] () -- C:\WINDOWS\IVCI.INI
[2008/04/02 21:23:37 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2007/03/22 15:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/11/28 11:03:43 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/08/06 14:15:30 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
[2006/08/06 13:02:56 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
[2006/08/06 12:52:35 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/08/06 12:52:35 | 000,036,104 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/08/06 10:33:00 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2006/08/06 10:04:46 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/08/06 10:01:09 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd1725.sys
[2006/07/11 23:11:08 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/11 21:56:44 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/07/11 21:56:33 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/07/03 15:20:40 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/03 15:20:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/07/03 13:34:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/03 12:21:08 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/07/03 10:48:12 | 000,003,104 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/03 10:48:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/03 10:10:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\gdrv.sys
[2006/07/03 09:06:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/07/02 23:11:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/07/02 23:05:52 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/07/02 23:02:43 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/07/02 23:02:43 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/07/02 23:02:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/07/02 23:02:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\unM5289.exe
[2006/07/02 23:01:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UnAGP.exe
[2006/07/02 10:55:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/02 10:51:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/02 06:43:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/02 06:42:45 | 000,181,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/20 20:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/02/03 22:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 22:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/07/30 10:33:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/23 17:09:38 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:09:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 17:09:38 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 17:09:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 17:09:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 17:09:38 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 17:09:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 17:09:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 17:09:38 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 17:09:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 17:09:38 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

OTL Extras logfile created on: 1/15/2012 7:03:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 281.27 Mb Available Physical Memory | 27.48% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.24 Gb Total Space | 75.06 Gb Free Space | 50.63% Space Free | Partition Type: NTFS
Drive F: | 6.29 Gb Total Space | 4.32 Gb Free Space | 68.70% Space Free | Partition Type: FAT32
Drive G: | 3.91 Gb Total Space | 0.27 Gb Free Space | 6.93% Space Free | Partition Type: NTFS

Computer Name: AMD3300 | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\wEmail Removedexe" = C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gigabyte\ET5\update.exe" = C:\Program Files\Gigabyte\ET5\update.exe:*:Enabled:ftptest -- ()
"C:\Program Files\America Online 9.0\wEmail Removedexe" = C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\Bruce\Local Settings\temp\7zS1.tmp\SymNRT.exe" = C:\Documents and Settings\Bruce\Local Settings\temp\7zS1.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Help
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{869D453C-53E8-4DE0-92EA-F574A22E82AE}" = HP Officejet Pro 8500 A910 Basic Device Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE292FF3-E397-4350-9B70-6E0429F02AE1}" = Maxtor Central Axis Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3624DFE-B0AB-410A-9BDC-5D1681E5E388}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{EC16B64A-38A7-4D7D-BA2E-671ED441304F}" = ULi PCI to AGP Controller Driver
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"CamStudio" = CamStudio
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec
"EasyTune5" = EasyTune5
"FLAC" = FLAC Installer 1.1.2a (remove only)
"ID Vault" = Constant Guard Protection Suite
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CE292FF3-E397-4350-9B70-6E0429F02AE1}" = Maxtor Central Axis Manager
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"One-click Audio Converter_is1" = One-click Audio Converter Uninstall
"PrintKey2000" = PrintKey2000
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TeamViewer 6" = TeamViewer 6
"TorrentMan Toolbar" = TorrentMan Toolbar
"ULi M5289 SATA Controller Driver" = ULi M5289 SATA Controller Driver
"WheelMouse" = A4Tech iWheelWorks V7.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xfin_portal" = XFINITY Toolbar
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2011 3:01:54 PM | Computer Name = AMD3300 | Source = Application Error | ID = 1000
Description = Faulting application update.exe, version 6.3.13.0, faulting module
unknown, version 0.0.0.0, fault address 0xffbadd11.

Error - 1/13/2012 5:57:32 PM | Computer Name = AMD3300 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2012 12:33:09 AM | Computer Name = AMD3300 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.

Error - 1/15/2012 6:05:24 PM | Computer Name = AMD3300 | Source = DefWatch | ID = 34048
Description =

Error - 1/15/2012 6:15:04 PM | Computer Name = AMD3300 | Source = DefWatch | ID = 34048
Description =

[ System Events ]
Error - 1/15/2012 12:05:31 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 1/15/2012 12:05:32 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7034
Description = The StarWind iSCSI Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 1/15/2012 12:05:32 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/15/2012 12:07:32 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 1/15/2012 2:24:13 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 1/15/2012 5:24:35 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 1/15/2012 6:05:47 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 1/15/2012 6:15:08 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 1/15/2012 6:15:38 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the CGPS Service service
to connect.

Error - 1/15/2012 6:15:38 PM | Computer Name = AMD3300 | Source = Service Control Manager | ID = 7000
Description = The CGPS Service service failed to start due to the following error:
%%1053


< End of report >

#33 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 15 January 2012 - 06:26 PM

I see Norton Security Suite installed. Did you just reinstall it? Is it supplied by Comcast?
Does it seem to be functioning properly?
Are you having any problems?



#34 ba5852

ba5852

    Member

  • Members
  • 81 posts

Posted 15 January 2012 - 07:20 PM

I did install Norton Security Suite supplied by Comcast. It seems to be working fine.

I am having a problem trying to open Start/Settings/Control Panel/Add or Remove Programs. About an hour ago I timed it and it took 2 min 3 secs to populate the list of programs when I clicked on it. Now when I try, nothing happens at all.

I'm going to reboot and see if it continues.

#35 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 15 January 2012 - 07:39 PM

"I'm going to reboot and see if it continues."


So what happened?



#36 ba5852

ba5852

    Member

  • Members
  • 81 posts

Posted 15 January 2012 - 07:52 PM

Still takes about 2 minutes to populate the list in Add or Remove Programs.
Maybe not a big deal, it just seems longer than usual when you are sitting there waiting for 2 minutes.

I updated SuperAntiSpyware Free Edition but did not run a scan yet.

Still have a lot of files left over on desktop.

Attach
dds
Extras
JavaRa
MBR
OTL
TFC



#37 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 15 January 2012 - 07:56 PM

Hold onto OTL for just a bit;
you can delete the rest.

Why not run a scan with SUPERAntiSpyware?
Let me know how it comes back.



#38 ba5852

ba5852

    Member

  • Members
  • 81 posts

Posted 15 January 2012 - 08:00 PM

Okay

#39 ba5852

ba5852

    Member

  • Members
  • 81 posts

Posted 15 January 2012 - 09:24 PM

SuperAntiSpyware found a bunch of tracking cookies and the following:

Trojan.Agent/Gen-Autorun[Swisyn]
Trojan.Agent/Gen-Wapomi
Trojan.Dropper/UserInit-Fake

After reviewing the associated files I think these were false positives.
_____________________________________________________

Log from SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/07/2011 at 05:09 PM

Application Version : 4.52.1000

Core Rules Database Version : 7011
Trace Rules Database Version: 4823

Scan type : Complete Scan
Total Scan Time : 00:51:24

Memory items scanned : 487
Memory threats detected : 0
Registry items scanned : 5843
Registry threats detected : 0
File items scanned : 41045
File threats detected : 94

Adware.Tracking Cookie

#40 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 15 January 2012 - 09:52 PM

Can you open Task Manager? Right-click the bottom task bar and choose Task Manager.
Open the Processes tab.

Leave this window open.
Open Add/Remove Programs in Control Panel.
What does the CPU % climb to, and what is using the most Memory Usage?
