Free Malware Removal Forum

by **Cypher** » October 25th, 2009, 12:45 pm

Hi jackolantern

I hope that it is not considered bad form to engage in dialog while being helped.

From my first post.... If you don't know or understand something, please don't hesitate to ask

Ok lets try this.
Please be sure that ThreatFire and Ad-Aware are still disabled.

Next.

Disable Trojan Hunter Guard

Navigate to the TrojanHunter Guard icon in the lower right corner of your screen.
It is light blue with a magnifying glass that can be difficult to see but the handle is red.
Right click it and select settings. Uncheck "Load at startup" and "Enabled"
Note: Don't forget to re-enable it, when your computer is clean.

Next.

Disable Avast Anti-Virus

Launch Avast Anti-Virus
Click Menu > Settings > Troubleshooting
Check Disable Avast self defence module then click OK
Exit out of Avast Anti-Virus.
Note: Don't forget to re-enable it after the online scan

Next.

PANDA ONLINE SCAN

Please go >here< to run Panda's ActiveScan

Once you are on the Panda site, click the Scan your PC now button
A new window will open...click the Scan Now button
Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
When the scan has finished, click on Export To
Save the file as Activescan.txt to your Desktop
Close the Activescan window then go to your Desktop
Double-click on Activescan.txt and it will open in Notepad
In Notepad, click Edit > Select all, then Edit > Copy
Reply to this thread and click Ctrl+V to paste the log in your reply

Next.

Please download this tool from Microsoft.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in the window.

Save this file and copy/paste it in your next reply.

In your next reply.

1. Panda Activescan.txt log.
2. MGADiag log.

by **jackolantern** » October 25th, 2009, 9:14 pm

Followed all instructions.

Panda online scanner failed at 13% and 119 infections 7-8x. Also disabled Firefox add ons that might initiate internet traffic that could cause conflicts with scanner. No luck.

MGADiag.exe was run but clicking "copy" had no effect and I was not able to copy results.

by **Cypher** » October 26th, 2009, 1:01 pm

Hi jackolantern.
I need some more information about the problems you are having.

updates" are always required every day and are always the same files.

What are the updates in question?

I need you to uninstall some programs as something in preventing tools from running.

Add/Remove programs

Click on start
Then Run
In the open text entry box please copy/paste appwiz.cpl Then click enter.
Press the "Remove" or "Change/Remove"...button to uninstall the following.

Advanced SystemCare 3
COMODO Firewall
COMODO Registry Cleaner BETA
Threatfire

Next.

Click Start, click Run, type Firewall.cpl, and then click OK.
On the General tab, click On (recommended).
Click OK.

Next.

Malwarebytes Anti-Malware:

Launch the application, Check for Updates >> Perform Full Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Next.

Please try to run this now.

Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in the window.

Save this file and copy/paste it in your next reply.

In your next reply.

1. Malwarebytes log.
2. OTListIt.txt log. and OTL Extra.txt log.
3. MGADiag log.
4. Please answer my question about the updates.

by **jackolantern** » October 27th, 2009, 1:12 am

Malwarebytes' Anti-Malware 1.41
Database version: 3037
Windows 5.1.2600 Service Pack 3

10/26/2009 10:06:10 PM
mbam-log-2009-10-26 (22-06-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 188497
Time elapsed: 53 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

by **Cypher** » October 27th, 2009, 7:28 am

Hi jackolantern.
Please follow my instructions for running OTL and MGADiag.exe and post the requested logs.
Could you please answer my question regarding the updates also.

Thank you.

by **jackolantern** » October 27th, 2009, 10:59 pm

Cypher wrote:Please follow my instructions for running OTL and MGADiag.exe and post the requested logs.

So sorry, old chap! I was in the process of following your instructions by the number but could not get OTL to run. I then noticed that Avast was had reinstalled itself. I was up until 11:30p trying to get Avast uninstalled when My computer froze. I took this as a sign from God and retired for the evening as to have a chance of awaking at 4:00a. I just now have returned from work and with the help of an uninstall tool from AWIL software got Avast uninstalled. I am in the process of continuing down the list and continue to work diligently complying with your instructions. Thank you for your continued patience, jackolantern

by **jackolantern** » October 28th, 2009, 12:00 am

OTL logfile created on: 10/27/2009 8:52:35 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.37 Mb Total Physical Memory | 81.68 Mb Available Physical Memory | 33.02% Memory free
604.37 Mb Paging File | 471.64 Mb Available in Paging File | 78.04% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.23 Gb Total Space | 18.71 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive D: | 64.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFS8FQ61
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Larry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor6.0 [On_Demand | Stopped]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (ThreatFire [Auto | Stopped]) -- File not found
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Inc)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RapFile [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\RapFile.sys (Internet Security Systems, Inc.)
DRV - (RapNet [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\RapNet.sys (Internet Security Systems, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Larry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-727676555-7934855-426210013-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKU\S-1-5-21-727676555-7934855-426210013-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-727676555-7934855-426210013-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-727676555-7934855-426210013-1006\S-1-5-21-727676555-7934855-426210013-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {8585C31E-1E94-4498-ACEC-CB913A05FC52}:3.5.0
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.8
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.12
FF - prefs.js..extensions.enabledItems: {8e9008b4-ec7c-4c2a-828e-007d5d2dad22}:1.2
FF - prefs.js..extensions.enabledItems: trackmenot@mrl.nyu.edu:0.6.2
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.4.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/27 20:27:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/27 20:15:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/27 20:15:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/07/13 21:44:09 | 00,000,000 | ---D | M]

[2008/08/21 20:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions
[2008/08/21 20:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/27 20:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions
[2009/10/27 18:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/07/09 15:13:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009/10/09 21:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/08/19 22:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2009/09/17 19:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2009/10/27 18:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/07 17:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/08/19 22:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{8585C31E-1E94-4498-ACEC-CB913A05FC52}
[2009/08/20 18:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{8e9008b4-ec7c-4c2a-828e-007d5d2dad22}
[2009/09/22 21:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/05/04 18:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2009/07/28 18:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/19 22:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/04 18:35:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/09/18 20:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/30 18:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\firebug@software.joehewitt.com
[2009/08/12 22:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\firefox@ghostery.com
[2009/04/20 20:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\hidemyass@scriptlance.com
[2009/09/17 19:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\trackmenot@mrl.nyu.edu
[2009/03/22 18:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\mozilla\Firefox\Profiles\447kj9mc.default\extensions\trustme@gness.com
[2009/10/20 21:28:35 | 00,002,136 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\FireFox\Profiles\447kj9mc.default\searchplugins\flickr-tags.xml
[2009/10/20 21:28:36 | 00,005,511 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\FireFox\Profiles\447kj9mc.default\searchplugins\foodtv.xml
[2008/06/22 06:13:21 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\FireFox\Profiles\447kj9mc.default\searchplugins\jeeves.xml
[2008/05/31 05:47:00 | 00,000,958 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\FireFox\Profiles\447kj9mc.default\searchplugins\scroogle.xml
[2008/05/10 21:14:14 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\FireFox\Profiles\447kj9mc.default\searchplugins\webster.xml
[2009/05/13 12:04:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/27 20:15:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/27 20:14:41 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/27 20:14:41 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/27 20:14:44 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/15 21:13:12 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2005/06/21 15:07:04 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/02/24 18:55:36 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/02/24 18:55:36 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/02/24 18:55:36 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/02/24 18:55:36 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/02/24 18:55:36 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/15 21:13:53 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/04/15 21:12:59 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/09/13 10:44:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/13 10:44:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/13 10:44:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/13 10:44:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/13 10:44:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/13 10:44:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/13 10:44:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (331165 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11344 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (IAS Attribute Dictionary) - {6BC09692-0CE6-11D1-BAAE-00C04FC2E20D} - C:\WINDOWS\System32\iasrecst.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IAS Netsh Jet Helper) - {6BC09693-0CE6-11D1-BAAE-00C04FC2E20D} - C:\WINDOWS\System32\iasrecst.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (IAS OLE-DB Data Store) - {6BC096C4-0CE6-11D1-BAAE-00C04FC2E20D} - C:\WINDOWS\System32\iasrecst.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AcrobatAccess Class) - {C523F39F-9C83-11D3-9094-00104BD0D535} - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF Preview Handler for Vista) - {DC6EFB56-9CFA-464D-8880-44885D7DC193} - C:\Program Files\Adobe\Reader 9.0\Reader\pdfprevhndlr.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-727676555-7934855-426210013-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-727676555-7934855-426210013-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-727676555-7934855-426210013-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-727676555-7934855-426210013-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-727676555-7934855-426210013-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-727676555-7934855-426210013-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-727676555-7934855-426210013-1006\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.106.192.61
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[15 C:\WINDOWS\System32\*.tmp files]
[2009/10/11 17:55:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/25 17:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/05 05:51:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\TrojanHunter
[2009/10/12 20:30:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\Comodo
[2009/10/27 20:23:05 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/25 13:16:48 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/10/27 20:22:53 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/12 20:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/04 17:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.2
[2009/10/27 20:23:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/27 20:21:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/10/27 20:21:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/10/27 20:21:52 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/10/27 20:21:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/10/27 20:21:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/10/27 20:21:52 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/10/27 20:21:52 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/10/27 20:21:51 | 00,000,000 | ---D | C] -- C:\7f2c0018bc7d5906607907428ec44e5f
[2009/10/27 19:00:33 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/10/27 18:59:41 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/10/26 22:12:36 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/10/25 13:20:00 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/10/20 22:25:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Desktop\SysProt
[2009/10/19 21:49:33 | 00,000,000 | ---D | C] -- C:\rsit

========== Files - Modified Within 30 Days ==========

[15 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/27 20:51:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/27 20:43:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/27 20:43:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 20:43:13 | 25,945,7024 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/27 20:43:13 | 00,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/27 20:41:56 | 06,966,974 | -H-- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\IconCache.db
[2009/10/27 20:35:31 | 00,506,878 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/27 20:35:31 | 00,444,668 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/27 20:35:31 | 00,073,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/27 19:04:10 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/27 19:00:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/26 22:13:14 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2009/10/25 12:16:27 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/24 09:48:38 | 00,061,678 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\PFP120JPR.{PB
[2009/10/24 09:48:38 | 00,012,358 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\PFP120JCM.{PB
[2009/10/24 09:47:44 | 00,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/10/24 09:00:01 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Photosmart 2570 series.job
[2009/10/22 23:08:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ISHARE
[2009/10/21 20:51:25 | 02,664,072 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\esetsmartinstaller_enu.exe
[2009/10/19 21:23:14 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\RSIT.exe
[2009/10/12 20:54:24 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/10/04 17:11:07 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/10/04 17:10:18 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\TrojanHunter.lnk
[2009/10/02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/30 18:33:01 | 02,097,152 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\New Folder30_09_2009_18_33_08.sdb

========== Files - No Company Name ==========
[2009/10/22 19:38:39 | 02,664,072 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\esetsmartinstaller_enu.exe
[2009/10/19 21:22:47 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\RSIT.exe
[2009/10/19 18:54:23 | 25,945,7024 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/12 20:54:22 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\HijackThis.lnk
[2009/10/04 17:10:18 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\TrojanHunter.lnk
[2009/10/04 17:09:50 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/09/30 18:33:09 | 02,097,152 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\New Folder30_09_2009_18_33_08.sdb
[2009/08/01 15:19:15 | 00,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2009/06/14 12:04:14 | 00,034,472 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2009/06/14 12:04:14 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/06/14 12:03:46 | 00,002,060 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\HPSU_48BitScanUpdate.log
[2009/06/14 12:03:46 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/06/14 11:39:18 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2009/06/14 11:39:17 | 00,000,352 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2009/06/14 11:39:17 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/06/14 11:38:34 | 00,002,833 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\PatchUpdate_InstantShareJPG.log
[2009/06/14 11:38:34 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/06/14 11:37:34 | 00,003,623 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\PatchUpdate_IZClosingDiscError.log
[2009/06/14 11:37:34 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/06/14 11:17:21 | 00,080,068 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/06/14 11:17:21 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/06/14 00:37:51 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2008/09/18 22:11:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/06/17 21:17:18 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/17 12:15:44 | 06,966,974 | -H-- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\IconCache.db
[2008/04/09 16:54:20 | 00,095,589 | ---- | C] () -- C:\Program Files\Credentials-Large.jpg
[2007/12/02 20:13:54 | 00,000,367 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2007/12/02 20:12:29 | 00,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2007/04/28 13:51:48 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\qrz32.dll
[2007/04/28 13:51:48 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\agwdll32.dll
[2007/04/28 13:51:48 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RACCD32a.dll
[2007/04/28 13:51:48 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\Hamcal32.dll
[2007/01/27 13:14:02 | 00,000,433 | ---- | C] () -- C:\WINDOWS\raccalbk.ini
[2006/08/17 14:04:10 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys
[2006/07/29 00:11:36 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\ventmon.dll
[2006/06/18 09:27:15 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/25 22:12:54 | 00,000,657 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2005/12/25 22:12:38 | 00,000,470 | ---- | C] () -- C:\WINDOWS\superball.ini
[2005/12/04 20:14:16 | 00,000,477 | ---- | C] () -- C:\WINDOWS\Bible.INI
[2005/12/04 20:13:19 | 00,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/04 18:28:02 | 00,043,520 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/13 10:19:37 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\PFP120JPR.{PB
[2005/11/13 10:19:37 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\PFP120JCM.{PB
[2005/11/10 11:16:47 | 00,038,928 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/10 11:16:45 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\fusioncache.dat
[2005/11/09 09:50:15 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/11/09 09:45:55 | 00,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/08 23:57:32 | 00,000,546 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/11/08 21:28:59 | 00,000,638 | ---- | C] () -- C:\WINDOWS\TTutor7.ini
[2005/11/08 21:12:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/11/08 19:23:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Larry\Application Data\desktop.ini
[2005/11/08 11:44:28 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/08 11:44:28 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\0D22A60220.sys
[2005/06/21 15:13:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/21 15:07:40 | 00,000,182 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/21 14:59:00 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/06/21 14:58:06 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/06/21 14:39:14 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/06/21 14:38:44 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/28 06:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/15 16:24:59 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 11:12:05 | 00,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 10:51:28 | 00,000,650 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 10:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/28 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:061FEEDF
< End of report >

by **jackolantern** » October 28th, 2009, 12:12 am

OTL Extras logfile created on: 10/27/2009 8:52:35 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.37 Mb Total Physical Memory | 81.68 Mb Available Physical Memory | 33.02% Memory free
604.37 Mb Paging File | 471.64 Mb Available in Paging File | 78.04% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.23 Gb Total Space | 18.71 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive D: | 64.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFS8FQ61
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Arachnophilia version 4.0_is1" = Arachnophilia version 4.0
"AxCrypt" = AxCrypt (Remove Only)
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KeyboardTest_is1" = KeyboardTest V3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MS Access 97 SP2" = MS Access 97 SP2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Macromedia Flash Player 8
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrojanHunter_is1" = TrojanHunter 5.2
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"Typing Tutor 7" = Typing Tutor 7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VIGOS Gsitemap_is1" = VIGOS Gsitemap 0.97a
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildBlue Optimizer_is1" = WildBlue Optimizer Ver 2007-07-01
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winlog32_is1" = Winlog32 v3.2.01

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2009 2:38:23 PM | Computer Name = DFS8FQ61 | Source = Application Error | ID = 1000
Description = Faulting application cfp.exe, version 3.9.11372.506, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 7/24/2009 12:47:30 AM | Computer Name = DFS8FQ61 | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 8.1.2 -- Setup has detected that you already
have a more functional product installed. Setup will now terminate.

Error - 9/17/2009 9:13:31 PM | Computer Name = DFS8FQ61 | Source = ESENT | ID = 489
Description = wuauclt (3816) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/17/2009 9:13:31 PM | Computer Name = DFS8FQ61 | Source = ESENT | ID = 455
Description = wuaueng.dll (3816) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/17/2009 9:13:46 PM | Computer Name = DFS8FQ61 | Source = ESENT | ID = 489
Description = wuauclt (3320) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/17/2009 9:13:46 PM | Computer Name = DFS8FQ61 | Source = ESENT | ID = 455
Description = wuaueng.dll (3320) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/17/2009 9:13:56 PM | Computer Name = DFS8FQ61 | Source = ESENT | ID = 489
Description = wuauclt (3320) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/17/2009 9:13:56 PM | Computer Name = DFS8FQ61 | Source = ESENT | ID = 455
Description = wuaueng.dll (3320) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/11/2009 8:58:34 PM | Computer Name = DFS8FQ61 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 10/11/2009 9:46:39 PM | Computer Name = DFS8FQ61 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 10/27/2009 8:45:13 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 10/27/2009 8:45:13 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
black TfFsMon TfSysMon

Error - 10/27/2009 9:30:43 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 10/27/2009 9:30:45 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
black TfFsMon TfSysMon

Error - 10/27/2009 10:06:29 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 10/27/2009 10:06:35 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
black TfFsMon TfSysMon

Error - 10/27/2009 11:13:40 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 10/27/2009 11:13:49 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
black TfFsMon TfSysMon

Error - 10/27/2009 11:43:28 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 10/27/2009 11:43:36 PM | Computer Name = DFS8FQ61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
black TfFsMon TfSysMon

< End of report >

by **jackolantern** » October 28th, 2009, 12:38 am

MGADiag.exe ran however clicking "copy" had no visible effect and produced no contents to copy and paste.

Cypher wrote:What are the updates in question?

From my first post

Now problem seems to narrowed to the windows automatic updater. If updater allowed to work, Internet traffic never ends and page file, cpu and commit charge very high. Hour glass never goes away and must reboot to exit. Upon making Automatic Windows Updater "manual", problems stop. Also, "updates" are always required every day and are always the same files.

Threatfire heuristic alert fired once while attempting to install Windows update.

I am sorry if I was not clear. I was still referring to Windows Updates.

It seems that this problem is no longer a factor, at least for the time being.

by **Cypher** » October 28th, 2009, 3:53 pm

Hi jackolantern.

Are you saying your Windows Updates problem is resolved?
Are you having any other problems with your computer how is it performing now?.

by **jackolantern** » October 28th, 2009, 10:31 pm

Cypher wrote:Hi jackolantern.

Are you saying your Windows Updates problem is resolved?
Are you having any other problems with your computer how is it performing now?.

I thought my Window update problem was resolved, but I have another yellow shield in the tray advising me that I have updates awaiting installation every day still.

Computer boots really fast now. I dare say like new.

by **Cypher** » October 29th, 2009, 3:07 pm

Hi jackolantern.

The problems you are still experiencing are not coming from malware as all of your latest logs have come back clean.
When I am faced with this type of problem I go to these sites below. I have asked for help there myself and they have always been able to solve my problems.

Tech support guy

Windows - problems with operating systems and windows problems.
All other software - problems with all other software.

And

What the tech

Windows - problems with operating systems and windows problems.
All other software - problems with all other software.

So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTM

Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
Close all other programs apart from OTMoveIt3 as this step will require a reboot
On the OTM main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any other tools we used if they remain on your desktop.

Create a new, clean System Restore point

Click on Start > All Programs > Accessories > System Tools > System Restore.
On the Welcome Page, select Create a restore point. Click Next.
Give this restore point a descriptive name and click Create.
When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.

Flush infected System Restore points

Right click on My Computer and select Properties.
Select the System Restore tab.
Check (tick) Turn off system restore on all drives box.
Click Apply.
Uncheck (untick) Turn off system restore on all drives box.
Click OK.
Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!

by **jackolantern** » October 29th, 2009, 10:16 pm

Awesome, Cypher.

I can't thank you enough for your hard work and tireless dedication. My computer is running very fast now and boots in seconds. I was ready to (and still may) switch to linux.

Again, Thank you very much!

jackolantern

by **Cypher** » October 30th, 2009, 6:48 am

Hi jackolantern.
You are most welcome

If you have no other questions i will ask for this topic to be closed.
Good luck fixing your other problem.

by **Carolyn** » October 31st, 2009, 10:32 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.

Free Malware Removal Forum

Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Re: Trojan Masquerading as Windows Updater? + Log

Who is online