XyberDAWG

Members
  • Content count

    15
  • Joined

  • Last visited

About XyberDAWG

  • Rank
    New Member
  • Birthday 09/18/1984
  1. I ran combofix one more time as per the instructions of the website (I have no net access, and it said to run it again if I lose net access) ComboFix 11-12-15.02 - sellpaint 12/19/2011 13:19:35.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1449 [GMT -5:00] Running from: c:\documents and settings\Sell Paint\My Documents\Downloads\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected Restored copy from - c:\windows\system32\dllcache\cdrom.sys . c:\windows\system32\proquota.exe . . . is missing!! . . ((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 ))))))))))))))))))))))))))))))) . . 2011-12-17 13:34 . 2011-12-17 13:34 -------- d-----w- c:\windows\LastGood.Tmp 2011-12-17 13:34 . 2008-04-14 12:00 31422 ----a-w- c:\windows\system32\drivers\OLD3.tmp 2011-12-17 13:34 . 2008-04-14 05:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-12-17 13:22 . 2011-12-17 13:23 -------- d-----w- C:\$WIN_NT$.~BT 2011-12-17 13:19 . 2011-12-17 13:19 -------- d-----w- c:\program files\Magical Jelly Bean 2011-12-16 17:56 . 2011-12-16 17:56 -------- d-----w- c:\program files\FLAC 2011-12-14 20:54 . 2011-12-14 20:54 -------- d-----w- c:\windows\system32\vmm32 2011-12-13 20:45 . 2011-12-13 20:45 832968 ----a-w- C:\Sevinst.exe 2011-12-12 19:36 . 2011-12-12 19:36 -------- d-----w- C:\_OTL 2011-12-12 16:11 . 2011-12-12 16:11 -------- d--h--w- c:\windows\PIF 2011-12-10 17:07 . 2011-12-10 17:13 -------- d-----w- C:\favicon 2011-12-09 07:22 . 2011-12-09 07:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-11-21 20:13 . 2011-11-21 20:13 -------- d-----w- c:\documents and settings\Sell Paint\Application Data\PC-FAX TX . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-09 13:20 . 2011-09-07 11:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . Cryptography Services Error !! . ((((((((((((((((((((((((((((( SnapShot@2011-12-15_18.42.44 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-14 00:10 . 2008-04-14 05:10 62976 c:\windows\system32\dllcache\cdrom.sys + 2008-04-25 16:16 . 2008-04-14 12:00 2864 c:\windows\system32\dllcache\winsock.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "C1B4EA6258B471429F2BABC4CB93DC4907C989B4._service_run"="c:\documents and settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-10 149280] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752] "ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264] "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] . c:\documents and settings\Sell Paint\Start Menu\Programs\Startup\ FAXRX.lnk - c:\program files\Brother\Brmfl10f\FAXRX.exe [2011-8-19 544768] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C1B4EA6258B471429F2BABC4CB93DC4907C989B4._service_run] 2011-11-15 05:39 1036344 ----a-w- c:\documents and settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-10-24 15:58 136176 ----atw- c:\documents and settings\Sell Paint\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "BrYNSvc"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Brother\\Brmfl10f\\FAXRX.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "54925:UDP"= 54925:UDP:BrotherNetwork Scanner . R0 qkqfs;qkqfs;c:\windows\system32\drivers\sywoer.sys [x] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x] R4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760] . . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: comcept.net Trusted Zone: comcept.net\reports Trusted Zone: comcept.net\reports1 Trusted Zone: comcept.net\reports2 Trusted Zone: comcept.net\reports3 Trusted Zone: comcept.net\reports4 Trusted Zone: comcept.net\reports5 Trusted Zone: comcept.net\reports6 Trusted Zone: comcept.net\reports7 Trusted Zone: comcept.net\reports8 Trusted Zone: comcept.net\reports9 Trusted Zone: comcept.us Trusted Zone: orderlinx.net TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.237.161.12 DPF: {6C9BF525-DA4D-4BB6-BD92-47FBDDB42DF5} - hxxp://prod.comcept.net/ActiveX/TaxerCalculator.CAB DPF: {9E8EBAA8-573C-45D2-A64C-DD93489744DE} - hxxps://businesscenter.intuit.com/objects/mtmicrimage.cab DPF: {D312963A-D83D-4766-AB92-DD5A30D5EF95} - hxxp://prod.comcept.net/ActiveX/CMSProdActiveX.CAB DPF: {F90D47D0-F243-49B3-9E7B-F2D49567E626} - hxxp://prod.comcept.net/ActiveX/IEPrintControl.ocx FF - ProfilePath - c:\documents and settings\Sell Paint\Application Data\Mozilla\Firefox\Profiles\tv7gj31s.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-19 15:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(340) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\igfxsrvc.exe c:\program files\ControlCenter4\BrCtrlCntr.exe c:\program files\ControlCenter4\BrCcUxSys.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\imapi.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-12-19 15:22:54 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-19 20:22 ComboFix2.txt 2011-12-15 18:43 . Pre-Run: 54,040,862,720 bytes free Post-Run: 54,034,690,048 bytes free . - - End Of File - - 5FB4DD5C4404E46DA34C0488D5F9DB03 I still have no Net access.
  2. I am around this morning to work on it if anyone reads these.
  3. It is now 7:37PM EST, Next time I will be able to look at the computer will be Tuesday Morning at 10AM EST.
  4. ComboFix 11-12-15.02 - sellpaint 12/15/2011 11:52:43.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1461 [GMT -5:00] Running from: c:\documents and settings\Sell Paint\My Documents\Downloads\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . -- Previous Run -- . c:\windows\system32\proquota.exe . . . is missing!! . -------- . c:\windows\system32\proquota.exe . . . is missing!! . . ((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 ))))))))))))))))))))))))))))))) . . 2011-12-12 19:36 . 2011-12-12 19:36 -------- d-----w- C:\_OTL 2011-12-12 16:11 . 2011-12-12 16:11 -------- d--h--w- c:\windows\PIF 2011-12-10 17:07 . 2011-12-10 17:13 -------- d-----w- C:\favicon 2011-12-09 07:22 . 2011-12-09 07:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-11-21 20:13 . 2011-11-21 20:13 -------- d-----w- c:\documents and settings\Sell Paint\Application Data\PC-FAX TX 2011-11-15 21:26 . 2011-11-15 21:26 -------- d-----w- c:\documents and settings\Sell Paint\Application Data\webex . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-09 13:20 . 2011-09-07 11:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "C1B4EA6258B471429F2BABC4CB93DC4907C989B4._service_run"="c:\documents and settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-10 149280] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752] "ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264] "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] . c:\documents and settings\Sell Paint\Start Menu\Programs\Startup\ FAXRX.lnk - c:\program files\Brother\Brmfl10f\FAXRX.exe [2011-8-19 544768] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C1B4EA6258B471429F2BABC4CB93DC4907C989B4._service_run] 2011-11-15 05:39 1036344 ----a-w- c:\documents and settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-10-24 15:58 136176 ----atw- c:\documents and settings\Sell Paint\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "BrYNSvc"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Brother\\Brmfl10f\\FAXRX.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "54925:UDP"= 54925:UDP:BrotherNetwork Scanner . S0 qkqfs;qkqfs;c:\windows\system32\drivers\sywoer.sys --> c:\windows\system32\drivers\sywoer.sys [?] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [03/08/2010 11:40 PM 144672] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [01/09/2010 8:37 PM 4640000] S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?] S4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [08/19/2011 12:38 PM 245760] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: comcept.net Trusted Zone: comcept.net\reports Trusted Zone: comcept.net\reports1 Trusted Zone: comcept.net\reports2 Trusted Zone: comcept.net\reports3 Trusted Zone: comcept.net\reports4 Trusted Zone: comcept.net\reports5 Trusted Zone: comcept.net\reports6 Trusted Zone: comcept.net\reports7 Trusted Zone: comcept.net\reports8 Trusted Zone: comcept.net\reports9 Trusted Zone: comcept.us Trusted Zone: orderlinx.net TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.237.161.12 DPF: {6C9BF525-DA4D-4BB6-BD92-47FBDDB42DF5} - hxxp://prod.comcept.net/ActiveX/TaxerCalculator.CAB DPF: {9E8EBAA8-573C-45D2-A64C-DD93489744DE} - hxxps://businesscenter.intuit.com/objects/mtmicrimage.cab DPF: {D312963A-D83D-4766-AB92-DD5A30D5EF95} - hxxp://prod.comcept.net/ActiveX/CMSProdActiveX.CAB DPF: {F90D47D0-F243-49B3-9E7B-F2D49567E626} - hxxp://prod.comcept.net/ActiveX/IEPrintControl.ocx FF - ProfilePath - c:\documents and settings\Sell Paint\Application Data\Mozilla\Firefox\Profiles\tv7gj31s.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file) Notify-NavLogon - (no file) MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-15 13:42 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2011-12-15 13:43:56 ComboFix-quarantined-files.txt 2011-12-15 18:43 . Pre-Run: 50,783,457,280 bytes free Post-Run: 55,454,474,240 bytes free . - - End Of File - - 0ABCEA045A53039070A231C25B9A951C I also attached the print out of when CF seemed to hang... before it restarted. cF.txt
  5. Ok, ComboFix finally finished, but now I no longer have network access on that computer. I will try to get the log off of that computer, but first I have to find a thumb drive.
  6. Ok, ran ComboFix, and I got the same error as before with OTL. It cannot access C:\$mft. i thought that was fixed, but i guess not. Also each time it restarts, It runs Chkdsk and it reports back it cannot access volume. so it exits. It ran through all the steps, then reports a rootkit in TCP/IP, which is "Particularly Difficult". Restarts, and runs again... then it deletes a bunch of files.. then it has been frozen after that error. It has been running and stuck. It seems like the Malware severely corrupted the master table file, or has blocked access to read only.
  7. Will do in about 12 hours. That's when I will next be at work to run it.
  8. OTL logfile created on: 12/14/2011 8:09:22 AM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sell Paint\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 1.96 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.48% Memory free 3.81 Gb Paging File | 3.28 Gb Available in Paging File | 86.31% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.38 Gb Total Space | 44.89 Gb Free Space | 60.35% Space Free | Partition Type: NTFS Computer Name: KLINES5WS03 | User Name: sellpaint | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Sell Paint\My Documents\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.) PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\ping.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll () MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll () MOD - \\?\globalroot\systemroot\system32\mswsock.dll () MOD - \\.\globalroot\systemroot\system32\mswsock.dll () MOD - C:\Program Files\Brother\Brmfl10f\brrunpp.dll () ========== Win32 Services (SafeList) ========== SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation) SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111202.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111202.003\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys () DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation ) DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation) DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb'>http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb'>http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb'>http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 13:00:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/10 08:03:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/25 07:00:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/07 15:19:58 | 000,000,000 | ---D | M] [2009/04/07 09:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Extensions [2009/04/07 09:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/12/11 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Firefox\Profiles\tv7gj31s.default\extensions [2011/12/09 08:20:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Firefox\Profiles\tv7gj31s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/12/08 13:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/09/17 06:53:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/02/10 08:03:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/09/17 06:53:41 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2010/09/17 06:53:41 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2010/02/10 08:03:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2010/09/17 06:53:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2004/12/14 01:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010/07/23 06:54:54 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2010/07/23 06:54:54 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010/07/23 06:54:54 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010/07/23 06:54:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2010/07/23 06:54:54 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2010/07/23 06:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2010/07/23 06:54:54 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Entanglement = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\ CHR - Extension: Angry Birds = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: Print Using Google Cloud Print\u2122 = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg\0.35_0\ CHR - Extension: Poppit = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ Hosts file not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe (Zenographics) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [C1B4EA6258B471429F2BABC4CB93DC4907C989B4._service_run] C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Sell Paint\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([]* in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports1] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports2] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports3] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports4] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports5] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports6] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports7] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports8] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports9] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.us ([]* in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: orderlinx.net ([]* in Trusted sites) O16 - DPF: {6C9BF525-DA4D-4BB6-BD92-47FBDDB42DF5} http://prod.comcept.net/ActiveX/TaxerCalculator.CAB (TaxCalculator.CTaxer) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {9E8EBAA8-573C-45D2-A64C-DD93489744DE} https://businesscenter.intuit.com/objects/mtmicrimage.cab (MTMicrImage.MicrImage) O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://reports2.comcept.net/Viewer/activexviewer.cab (Crystal Report Viewer Control) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D312963A-D83D-4766-AB92-DD5A30D5EF95} http://prod.comcept.net/ActiveX/CMSProdActiveX.CAB (CMSProdActiveX.XMLLoad) O16 - DPF: {F90D47D0-F243-49B3-9E7B-F2D49567E626} http://prod.comcept.net/ActiveX/IEPrintControl.ocx (IEPrntCtl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.237.161.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B93395CE-2B03-4E68-AA59-7B212AF4CBF1}: DhcpNameServer = 208.67.222.222 208.67.220.220 68.237.161.12 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{27c0b0b6-d274-11e0-b8ab-002170489b32}\Shell - "" = AutoRun O33 - MountPoints2\{27c0b0b6-d274-11e0-b8ab-002170489b32}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{27c0b0b6-d274-11e0-b8ab-002170489b32}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{480be268-1df5-11de-b71f-002170489b32}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure20.exe O33 - MountPoints2\{85a90f8d-247c-11de-b726-002170489b32}\Shell - "" = AutoRun O33 - MountPoints2\{85a90f8d-247c-11de-b726-002170489b32}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{85a90f8d-247c-11de-b726-002170489b32}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell - "" = AutoRun O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\install\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2011/12/13 15:45:37 | 000,832,968 | ---- | C] (Symantec Corporation) -- C:\Sevinst.exe [2011/12/13 10:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sell Paint\Desktop\testdisk-6.13 [2011/12/12 15:24:53 | 000,000,000 | --SD | C] -- C:\ComboFix [2011/12/12 15:21:22 | 000,000,000 | ---D | C] -- C:\cmdcons [2011/12/12 15:07:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/12/12 15:05:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sell Paint\Start Menu\Programs\Administrative Tools [2011/12/12 14:36:42 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/12 14:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2011/12/12 11:11:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011/12/10 12:07:54 | 000,000,000 | ---D | C] -- C:\favicon [2011/12/09 02:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM [2011/12/09 02:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2011/12/08 14:22:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2011/12/08 14:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2011/12/08 12:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun [2011/12/08 12:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2011/12/08 12:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011/12/08 11:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2011/12/08 11:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/12/08 11:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2011/11/29 16:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sell Paint\Desktop\mike donlin [2011/11/21 15:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sell Paint\Application Data\PC-FAX TX [2011/11/15 16:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sell Paint\Application Data\webex [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sell Paint\*.tmp files -> C:\Documents and Settings\Sell Paint\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/13 16:52:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/13 16:49:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/13 16:49:22 | 2101,981,184 | -HS- | M] () -- C:\hiberfil.sys [2011/12/13 16:47:38 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011/12/13 16:47:38 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011/12/13 16:47:38 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011/12/13 16:47:38 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011/12/13 15:45:40 | 000,832,968 | ---- | M] (Symantec Corporation) -- C:\Sevinst.exe [2011/12/13 09:04:13 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/13 08:01:26 | 000,000,213 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini [2011/12/12 15:21:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/12/12 15:09:37 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Application Data\Microsoft\Internet Explorer\Quick Launch\ComCept .net.lnk [2011/12/09 15:37:50 | 000,002,410 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wscsvc.reg [2011/12/09 08:20:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/12/08 14:43:39 | 000,060,902 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Desktop\mailpv.zip [2011/12/08 14:41:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/12/08 13:28:58 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Desktop\xp_exe_fix.zip [2011/12/08 11:44:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2011/12/08 08:23:39 | 000,002,223 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\comcept.lnk [2011/11/21 15:13:33 | 000,000,736 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini [2011/11/18 06:03:49 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Desktop\Google Chrome.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sell Paint\*.tmp files -> C:\Documents and Settings\Sell Paint\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/13 16:47:38 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011/12/13 16:47:38 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011/12/12 15:21:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/12/12 15:21:24 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/12/09 15:39:04 | 000,002,410 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wscsvc.reg [2011/12/08 16:54:38 | 2101,981,184 | -HS- | C] () -- C:\hiberfil.sys [2011/12/08 14:43:38 | 000,060,902 | ---- | C] () -- C:\Documents and Settings\Sell Paint\Desktop\mailpv.zip [2011/12/08 14:41:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/12/08 13:28:57 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Sell Paint\Desktop\xp_exe_fix.zip [2011/08/19 12:39:11 | 000,000,736 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011/08/19 12:39:11 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011/08/19 12:38:34 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2011/08/19 12:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2011/08/19 12:38:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2011/08/19 12:38:11 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2011/08/19 12:38:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT [2010/06/23 13:32:27 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll [2010/06/23 13:32:25 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini [2010/04/22 13:26:16 | 000,033,998 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009/04/13 09:52:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Sell Paint\Local Settings\Application Data\FASTWiz.html [2009/04/13 09:35:54 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/04/07 09:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/04/07 09:06:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2009/04/06 10:29:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/04/06 09:54:21 | 000,122,778 | ---- | C] () -- C:\WINDOWS\HPHins11.dat [2009/04/06 09:54:21 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat [2008/12/06 09:08:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe [2008/12/06 09:08:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll [2008/12/06 09:08:05 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008/12/06 06:24:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/04/25 16:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008/04/25 11:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/25 11:16:22 | 000,446,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/25 11:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/25 11:16:22 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/25 11:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/25 11:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008/04/25 11:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008/04/25 11:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/25 11:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/25 11:16:16 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys [2008/04/25 11:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/25 11:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/04/25 04:21:52 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/08/16 15:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll [2007/02/28 05:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll [2007/01/23 03:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll [2006/04/05 04:17:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2005/12/21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll [2005/12/21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll ========== LOP Check ========== [2009/09/11 14:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ComCept [2011/08/19 12:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4 [2011/04/07 15:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2011/08/19 12:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2011/08/19 12:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011/08/19 12:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2011/08/19 12:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\ControlCenter4 [2011/04/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\DAEMON Tools Lite [2011/08/22 13:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\Nuance [2011/11/21 15:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\PC-FAX TX [2011/11/15 16:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\webex [2011/08/22 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\Zeon ========== Purity Check ========== < End of report > OTL Extras logfile created on: 12/14/2011 8:09:22 AM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sell Paint\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 1.96 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.48% Memory free 3.81 Gb Paging File | 3.28 Gb Available in Paging File | 86.31% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.38 Gb Total Space | 44.89 Gb Free Space | 60.35% Space Free | Partition Type: NTFS Computer Name: KLINES5WS03 | User Name: sellpaint | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "DoNotAllowExceptions" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Brother\Brmfl10f\FAXRX.exe" = C:\Program Files\Brother\Brmfl10f\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries Ltd.) "C:\WINDOWS\system32\svchost.exe" = C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{204567C5-B507-4A47-88B3-F861AD29096E}" = ComCept.net "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N "{41CA14B6-3D43-4A24-9F7F-8A2A281D0A14}" = D1300 "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{53183B25-FBDC-4B95-856A-DCDD69DFEE18}" = Intel® PRO Alerting Agent "{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4 "{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86) "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation "{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{B9B1AED3-40FB-47CC-B880-ED9A2C9FE658}" = D1300_Help "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "ActiveTouchMeetingClient" = WebEx "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "HDMI" = Intel® Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Office14.STANDARD" = Microsoft Office Standard 2010 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 4.5.0.457 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/13/2011 6:43:18 PM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module mswsock.dll, version 0.0.0.0, fault address 0x00010000. Error - 12/13/2011 11:53:26 PM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00007eaa. Error - 12/14/2011 2:37:24 AM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00007eaa. Error - 12/14/2011 3:53:44 AM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00007eaa. Error - 12/14/2011 3:58:32 AM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00007eaa. Error - 12/14/2011 4:31:04 AM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00007eaa. Error - 12/14/2011 5:56:00 AM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00007eaa. Error - 12/14/2011 8:53:53 AM | Computer Name = KLINES5WS03 | Source = Application Error | ID = 1000 Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x00007eaa. Error - 12/14/2011 9:05:48 AM | Computer Name = KLINES5WS03 | Source = Application Hang | ID = 1002 Description = Hanging application OTL (1).exe, version 3.2.31.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/14/2011 9:06:01 AM | Computer Name = KLINES5WS03 | Source = Application Hang | ID = 1002 Description = Hanging application OTL (1).exe, version 3.2.31.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 12/13/2011 3:28:36 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/13/2011 3:41:02 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/13/2011 3:45:49 PM | Computer Name = KLINES5WS03 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service BrYNSvc with arguments "" in order to run the server: {F2189AE3-E432-427F-93B6-38D1C6F5E8D4} Error - 12/13/2011 3:47:31 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect. Error - 12/13/2011 4:36:48 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/13/2011 5:13:48 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/13/2011 6:04:47 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/13/2011 6:07:33 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/13/2011 6:18:42 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 Error - 12/13/2011 6:21:43 PM | Computer Name = KLINES5WS03 | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127 < End of report >
  9. Ok everything finished, it had me reboot and this is the log I received. Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  10. Running TestDisk to compare the Master File Table to the backup. Hoping that fixes that so I can continue.
  11. I cant run the fix, I get the attached error. I ran chkdsk, and it didn't detect any errors. Everytime I click ok, it pops up again, and wont continue.
  12. OTL logfile created on: 12/13/2011 8:26:52 AM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sell Paint\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 1.96 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.13% Memory free 3.81 Gb Paging File | 3.37 Gb Available in Paging File | 88.56% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.38 Gb Total Space | 44.02 Gb Free Space | 59.18% Space Free | Partition Type: NTFS Computer Name: KLINES5WS03 | User Name: sellpaint | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Sell Paint\My Documents\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.) PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - c:\Documents and Settings\NetworkService\Application Data\Adobe\sp.DLL () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll () MOD - C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll () MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll () MOD - \\?\globalroot\systemroot\system32\mswsock.dll () MOD - \\.\globalroot\systemroot\system32\mswsock.dll () MOD - C:\Program Files\Brother\Brmfl10f\brrunpp.dll () ========== Win32 Services (SafeList) ========== SRV - (SPService) -- C:\Documents and Settings\NetworkService\Application Data\Adobe\sp.DLL () SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation) SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111202.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111202.003\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys () DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation ) DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation) DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb'>http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb'>http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb'>http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 13:00:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/10 08:03:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/25 07:00:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/07 15:19:58 | 000,000,000 | ---D | M] [2009/04/07 09:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Extensions [2009/04/07 09:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/12/11 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Firefox\Profiles\tv7gj31s.default\extensions [2011/12/09 08:20:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sell Paint\Application Data\Mozilla\Firefox\Profiles\tv7gj31s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/12/08 13:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/09/17 06:53:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/02/10 08:03:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/09/17 06:53:41 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2010/09/17 06:53:41 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2010/02/10 08:03:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2010/09/17 06:53:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2004/12/14 01:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010/07/23 06:54:54 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2010/07/23 06:54:54 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010/07/23 06:54:54 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010/07/23 06:54:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2010/07/23 06:54:54 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2010/07/23 06:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2010/07/23 06:54:54 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Entanglement = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\ CHR - Extension: Angry Birds = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: Print Using Google Cloud Print\u2122 = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg\0.35_0\ CHR - Extension: Poppit = C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ Hosts file not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe (Zenographics) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [C1B4EA6258B471429F2BABC4CB93DC4907C989B4._service_run] C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Sell Paint\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O7 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([]* in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports1] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports2] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports3] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports4] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports5] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports6] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports7] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports8] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.net ([reports9] * in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: comcept.us ([]* in Trusted sites) O15 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\..Trusted Domains: orderlinx.net ([]* in Trusted sites) O16 - DPF: {6C9BF525-DA4D-4BB6-BD92-47FBDDB42DF5} http://prod.comcept.net/ActiveX/TaxerCalculator.CAB (TaxCalculator.CTaxer) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {9E8EBAA8-573C-45D2-A64C-DD93489744DE} https://businesscenter.intuit.com/objects/mtmicrimage.cab (MTMicrImage.MicrImage) O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://reports2.comcept.net/Viewer/activexviewer.cab (Crystal Report Viewer Control) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D312963A-D83D-4766-AB92-DD5A30D5EF95} http://prod.comcept.net/ActiveX/CMSProdActiveX.CAB (CMSProdActiveX.XMLLoad) O16 - DPF: {F90D47D0-F243-49B3-9E7B-F2D49567E626} http://prod.comcept.net/ActiveX/IEPrintControl.ocx (IEPrntCtl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.237.161.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B93395CE-2B03-4E68-AA59-7B212AF4CBF1}: DhcpNameServer = 208.67.222.222 208.67.220.220 68.237.161.12 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{27c0b0b6-d274-11e0-b8ab-002170489b32}\Shell - "" = AutoRun O33 - MountPoints2\{27c0b0b6-d274-11e0-b8ab-002170489b32}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{27c0b0b6-d274-11e0-b8ab-002170489b32}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{480be268-1df5-11de-b71f-002170489b32}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure20.exe O33 - MountPoints2\{85a90f8d-247c-11de-b726-002170489b32}\Shell - "" = AutoRun O33 - MountPoints2\{85a90f8d-247c-11de-b726-002170489b32}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{85a90f8d-247c-11de-b726-002170489b32}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell - "" = AutoRun O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{e994951a-6152-11e0-b895-002170489b32}\Shell\install\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-3686817950-3860417221-1862734735-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2011/12/12 15:24:53 | 000,000,000 | --SD | C] -- C:\ComboFix [2011/12/12 15:21:22 | 000,000,000 | ---D | C] -- C:\cmdcons [2011/12/12 15:07:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/12/12 15:05:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sell Paint\Start Menu\Programs\Administrative Tools [2011/12/12 14:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/12 14:36:42 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/12 14:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2011/12/12 11:11:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011/12/10 12:07:54 | 000,000,000 | ---D | C] -- C:\favicon [2011/12/09 02:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM [2011/12/09 02:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2011/12/08 14:22:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2011/12/08 14:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2011/12/08 12:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun [2011/12/08 12:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2011/12/08 12:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011/12/08 11:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2011/12/08 11:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/12/08 11:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2011/11/29 16:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sell Paint\Desktop\mike donlin [2011/11/21 15:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sell Paint\Application Data\PC-FAX TX [2011/11/15 16:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sell Paint\Application Data\webex [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sell Paint\*.tmp files -> C:\Documents and Settings\Sell Paint\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/13 08:01:26 | 000,000,213 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini [2011/12/12 15:21:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/12/12 15:09:37 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Application Data\Microsoft\Internet Explorer\Quick Launch\ComCept .net.lnk [2011/12/12 15:08:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/12 07:55:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/12 07:55:40 | 2101,981,184 | -HS- | M] () -- C:\hiberfil.sys [2011/12/09 15:37:50 | 000,002,410 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\wscsvc.reg [2011/12/09 08:20:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/12/08 14:43:39 | 000,060,902 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Desktop\mailpv.zip [2011/12/08 14:41:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/12/08 13:28:58 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Desktop\xp_exe_fix.zip [2011/12/08 11:44:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2011/12/08 08:23:39 | 000,002,223 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\comcept.lnk [2011/11/21 15:13:33 | 000,000,736 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini [2011/11/18 06:03:49 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\Sell Paint\Desktop\Google Chrome.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sell Paint\*.tmp files -> C:\Documents and Settings\Sell Paint\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/12 15:21:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/12/12 15:21:24 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/12/09 15:39:04 | 000,002,410 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\wscsvc.reg [2011/12/08 16:54:38 | 2101,981,184 | -HS- | C] () -- C:\hiberfil.sys [2011/12/08 14:43:38 | 000,060,902 | ---- | C] () -- C:\Documents and Settings\Sell Paint\Desktop\mailpv.zip [2011/12/08 14:41:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/12/08 13:28:57 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Sell Paint\Desktop\xp_exe_fix.zip [2011/08/19 12:39:11 | 000,000,736 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011/08/19 12:39:11 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011/08/19 12:38:34 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2011/08/19 12:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2011/08/19 12:38:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2011/08/19 12:38:11 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2011/08/19 12:38:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT [2010/06/23 13:32:27 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll [2010/06/23 13:32:25 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini [2010/04/22 13:26:16 | 000,033,998 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009/04/13 09:52:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Sell Paint\Local Settings\Application Data\FASTWiz.html [2009/04/13 09:35:54 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/04/07 09:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/04/07 09:06:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2009/04/06 10:29:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/04/06 09:54:21 | 000,122,778 | ---- | C] () -- C:\WINDOWS\HPHins11.dat [2009/04/06 09:54:21 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat [2008/12/06 09:08:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe [2008/12/06 09:08:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll [2008/12/06 09:08:05 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008/12/06 06:24:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/04/25 16:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008/04/25 11:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/25 11:16:22 | 000,446,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/25 11:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/25 11:16:22 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/25 11:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/25 11:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008/04/25 11:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008/04/25 11:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/25 11:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/25 11:16:16 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys [2008/04/25 11:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/25 11:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/04/25 04:21:52 | 000,278,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/08/16 15:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll [2007/02/28 05:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll [2007/01/23 03:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll [2006/04/05 04:17:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2005/12/21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll [2005/12/21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll ========== LOP Check ========== [2009/09/11 14:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ComCept [2011/08/19 12:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4 [2011/04/07 15:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2011/08/19 12:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2011/08/19 12:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011/08/19 12:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2011/08/19 12:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\ControlCenter4 [2011/04/07 15:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\DAEMON Tools Lite [2011/08/22 13:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\Nuance [2011/11/21 15:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\PC-FAX TX [2011/11/15 16:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\webex [2011/08/22 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sell Paint\Application Data\Zeon ========== Purity Check ========== < End of report > There was no Extras.txt only OTL.txt
  13. 08:23:43.0000 23780 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 08:23:43.0312 23780 ============================================================ 08:23:43.0312 23780 Current date / time: 2011/12/13 08:23:43.0312 08:23:43.0312 23780 SystemInfo: 08:23:43.0312 23780 08:23:43.0312 23780 OS Version: 5.1.2600 ServicePack: 3.0 08:23:43.0312 23780 Product type: Workstation 08:23:43.0312 23780 ComputerName: KLINES5WS03 08:23:43.0312 23780 UserName: sellpaint 08:23:43.0312 23780 Windows directory: C:\WINDOWS 08:23:43.0312 23780 System windows directory: C:\WINDOWS 08:23:43.0312 23780 Processor architecture: Intel x86 08:23:43.0312 23780 Number of processors: 2 08:23:43.0312 23780 Page size: 0x1000 08:23:43.0312 23780 Boot type: Normal boot 08:23:43.0312 23780 ============================================================ 08:23:43.0859 23780 Initialize success 08:23:50.0937 21868 ============================================================ 08:23:50.0937 21868 Scan started 08:23:50.0937 21868 Mode: Manual; SigCheck; TDLFS; 08:23:50.0937 21868 ============================================================ 08:23:57.0265 21868 Abiosdsk - ok 08:23:57.0312 21868 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 08:24:03.0921 21868 abp480n5 - ok 08:24:04.0062 21868 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 08:24:04.0312 21868 ACPI - ok 08:24:04.0562 21868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 08:24:04.0687 21868 ACPIEC - ok 08:24:04.0750 21868 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys 08:24:04.0828 21868 ADIHdAudAddService - ok 08:24:04.0984 21868 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 08:24:05.0109 21868 adpu160m - ok 08:24:05.0171 21868 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 08:24:05.0281 21868 aec - ok 08:24:05.0437 21868 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 08:24:05.0656 21868 AFD - ok 08:24:05.0843 21868 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 08:24:05.0953 21868 agp440 - ok 08:24:05.0968 21868 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 08:24:06.0062 21868 agpCPQ - ok 08:24:06.0078 21868 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 08:24:06.0125 21868 Aha154x - ok 08:24:06.0125 21868 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 08:24:06.0234 21868 aic78u2 - ok 08:24:06.0250 21868 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 08:24:06.0328 21868 aic78xx - ok 08:24:06.0359 21868 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 08:24:06.0453 21868 AliIde - ok 08:24:06.0671 21868 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 08:24:06.0796 21868 alim1541 - ok 08:24:06.0796 21868 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 08:24:06.0890 21868 amdagp - ok 08:24:06.0937 21868 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 08:24:07.0000 21868 amsint - ok 08:24:07.0140 21868 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 08:24:07.0265 21868 asc - ok 08:24:07.0312 21868 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 08:24:07.0375 21868 asc3350p - ok 08:24:07.0406 21868 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 08:24:07.0546 21868 asc3550 - ok 08:24:07.0671 21868 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 08:24:07.0781 21868 AsyncMac - ok 08:24:07.0859 21868 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 08:24:07.0953 21868 atapi - ok 08:24:08.0046 21868 Atdisk - ok 08:24:08.0109 21868 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 08:24:08.0218 21868 Atmarpc - ok 08:24:08.0250 21868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 08:24:08.0359 21868 audstub - ok 08:24:08.0390 21868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 08:24:08.0500 21868 Beep - ok 08:24:08.0609 21868 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 08:24:08.0734 21868 cbidf - ok 08:24:08.0765 21868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 08:24:08.0843 21868 cbidf2k - ok 08:24:08.0968 21868 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 08:24:09.0062 21868 cd20xrnt - ok 08:24:09.0109 21868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 08:24:09.0234 21868 Cdaudio - ok 08:24:09.0375 21868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 08:24:09.0484 21868 Cdfs - ok 08:24:09.0531 21868 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 08:24:09.0765 21868 Cdrom - ok 08:24:09.0906 21868 Changer - ok 08:24:09.0953 21868 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 08:24:10.0062 21868 CmdIde - ok 08:24:10.0218 21868 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 08:24:10.0343 21868 Cpqarray - ok 08:24:10.0359 21868 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 08:24:10.0468 21868 dac2w2k - ok 08:24:10.0625 21868 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 08:24:10.0750 21868 dac960nt - ok 08:24:10.0781 21868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 08:24:10.0906 21868 Disk - ok 08:24:10.0953 21868 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 08:24:11.0093 21868 dmboot - ok 08:24:11.0281 21868 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 08:24:11.0375 21868 dmio - ok 08:24:11.0390 21868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 08:24:11.0484 21868 dmload - ok 08:24:11.0531 21868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 08:24:11.0640 21868 DMusic - ok 08:24:11.0781 21868 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 08:24:11.0875 21868 dpti2o - ok 08:24:11.0890 21868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 08:24:11.0968 21868 drmkaud - ok 08:24:12.0031 21868 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 08:24:12.0078 21868 e1express - ok 08:24:12.0250 21868 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 08:24:12.0281 21868 eeCtrl - ok 08:24:12.0359 21868 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 08:24:12.0375 21868 EraserUtilRebootDrv - ok 08:24:12.0578 21868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 08:24:12.0765 21868 Fastfat - ok 08:24:12.0906 21868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 08:24:13.0015 21868 Fdc - ok 08:24:13.0046 21868 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 08:24:13.0156 21868 Fips - ok 08:24:13.0171 21868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 08:24:13.0281 21868 Flpydisk - ok 08:24:13.0312 21868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 08:24:13.0406 21868 FltMgr - ok 08:24:13.0593 21868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 08:24:13.0687 21868 Fs_Rec - ok 08:24:13.0718 21868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 08:24:13.0828 21868 Ftdisk - ok 08:24:13.0843 21868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 08:24:13.0953 21868 Gpc - ok 08:24:14.0093 21868 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 08:24:14.0187 21868 HDAudBus - ok 08:24:14.0250 21868 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys 08:24:14.0281 21868 HECI - ok 08:24:14.0312 21868 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 08:24:14.0421 21868 hidusb - ok 08:24:14.0640 21868 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 08:24:14.0750 21868 hpn - ok 08:24:14.0796 21868 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 08:24:14.0906 21868 HTTP - ok 08:24:15.0093 21868 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 08:24:15.0203 21868 i2omgmt - ok 08:24:15.0250 21868 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 08:24:15.0375 21868 i2omp - ok 08:24:15.0593 21868 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 08:24:16.0312 21868 ialm - ok 08:24:16.0515 21868 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys 08:24:16.0515 21868 iaStor - ok 08:24:16.0578 21868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 08:24:16.0703 21868 Imapi - ok 08:24:16.0750 21868 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 08:24:16.0875 21868 ini910u - ok 08:24:17.0015 21868 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 08:24:17.0093 21868 IntelIde - ok 08:24:17.0125 21868 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 08:24:17.0250 21868 intelppm - ok 08:24:17.0265 21868 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 08:24:17.0375 21868 Ip6Fw - ok 08:24:17.0531 21868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 08:24:17.0765 21868 IpFilterDriver - ok 08:24:17.0937 21868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 08:24:18.0046 21868 IpInIp - ok 08:24:18.0156 21868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 08:24:18.0359 21868 IpNat - ok 08:24:18.0671 21868 IPSec (4eb0d03142d98d9145d834fc32ab91b9) C:\WINDOWS\system32\DRIVERS\ipsec.sys 08:24:18.0750 21868 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 4eb0d03142d98d9145d834fc32ab91b9, Fake md5: 8aa5d638014b2ee0f7afc302f86af8a8 08:24:18.0750 21868 IPSec ( ForgedFile.Multi.Generic ) - warning 08:24:18.0750 21868 IPSec - detected ForgedFile.Multi.Generic (1) 08:24:18.0781 21868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 08:24:18.0828 21868 IRENUM - ok 08:24:18.0875 21868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 08:24:19.0171 21868 isapnp - ok 08:24:19.0343 21868 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 08:24:19.0468 21868 Kbdclass - ok 08:24:19.0546 21868 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 08:24:19.0625 21868 kbdhid - ok 08:24:19.0671 21868 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 08:24:19.0796 21868 kmixer - ok 08:24:19.0953 21868 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 08:24:20.0125 21868 KSecDD - ok 08:24:20.0250 21868 lbrtfdc - ok 08:24:20.0312 21868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 08:24:20.0406 21868 mnmdd - ok 08:24:20.0718 21868 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 08:24:20.0843 21868 Modem - ok 08:24:21.0000 21868 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 08:24:21.0078 21868 Mouclass - ok 08:24:21.0125 21868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 08:24:21.0234 21868 mouhid - ok 08:24:21.0281 21868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 08:24:21.0375 21868 MountMgr - ok 08:24:21.0515 21868 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 08:24:21.0593 21868 mraid35x - ok 08:24:21.0640 21868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 08:24:21.0765 21868 MRxDAV - ok 08:24:21.0828 21868 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 08:24:21.0906 21868 MRxSmb - ok 08:24:22.0171 21868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 08:24:22.0281 21868 Msfs - ok 08:24:22.0328 21868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 08:24:22.0453 21868 MSKSSRV - ok 08:24:22.0609 21868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 08:24:22.0718 21868 MSPCLOCK - ok 08:24:22.0828 21868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 08:24:22.0953 21868 MSPQM - ok 08:24:23.0000 21868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 08:24:23.0125 21868 mssmbios - ok 08:24:23.0187 21868 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 08:24:23.0296 21868 Mup - ok 08:24:23.0578 21868 NAL (8e7726ba6e6c4cd81baa6c8d8c0099f3) C:\WINDOWS\system32\Drivers\iqvw32.sys 08:24:23.0656 21868 NAL - ok 08:24:23.0796 21868 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111202.003\naveng.sys 08:24:23.0812 21868 NAVENG - ok 08:24:23.0890 21868 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111202.003\navex15.sys 08:24:24.0265 21868 NAVEX15 - ok 08:24:24.0437 21868 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 08:24:24.0671 21868 NDIS - ok 08:24:24.0843 21868 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 08:24:24.0937 21868 NdisTapi - ok 08:24:25.0015 21868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 08:24:25.0125 21868 Ndisuio - ok 08:24:25.0250 21868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 08:24:25.0421 21868 NdisWan - ok 08:24:25.0718 21868 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 08:24:25.0828 21868 NDProxy - ok 08:24:25.0937 21868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 08:24:26.0046 21868 NetBIOS - ok 08:24:26.0109 21868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 08:24:26.0234 21868 NetBT - ok 08:24:26.0250 21868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 08:24:26.0359 21868 Npfs - ok 08:24:26.0484 21868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 08:24:26.0593 21868 Ntfs - ok 08:24:26.0671 21868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 08:24:26.0781 21868 Null - ok 08:24:26.0812 21868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 08:24:26.0921 21868 NwlnkFlt - ok 08:24:27.0109 21868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 08:24:27.0203 21868 NwlnkFwd - ok 08:24:27.0250 21868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 08:24:27.0359 21868 Parport - ok 08:24:27.0390 21868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 08:24:27.0500 21868 PartMgr - ok 08:24:27.0640 21868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 08:24:27.0765 21868 ParVdm - ok 08:24:27.0812 21868 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 08:24:27.0906 21868 PCI - ok 08:24:27.0921 21868 PCIDump - ok 08:24:27.0921 21868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 08:24:28.0015 21868 PCIIde - ok 08:24:28.0203 21868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 08:24:28.0296 21868 Pcmcia - ok 08:24:28.0296 21868 PDCOMP - ok 08:24:28.0312 21868 PDFRAME - ok 08:24:28.0312 21868 PDRELI - ok 08:24:28.0328 21868 PDRFRAME - ok 08:24:28.0359 21868 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 08:24:28.0484 21868 perc2 - ok 08:24:28.0656 21868 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 08:24:28.0781 21868 perc2hib - ok 08:24:28.0843 21868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 08:24:28.0984 21868 PptpMiniport - ok 08:24:29.0125 21868 PROCEXP150 - ok 08:24:29.0187 21868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 08:24:29.0296 21868 PSched - ok 08:24:29.0328 21868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 08:24:29.0437 21868 Ptilink - ok 08:24:29.0625 21868 qkqfs - ok 08:24:29.0671 21868 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 08:24:29.0765 21868 ql1080 - ok 08:24:29.0796 21868 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 08:24:29.0906 21868 Ql10wnt - ok 08:24:30.0046 21868 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 08:24:30.0125 21868 ql12160 - ok 08:24:30.0156 21868 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 08:24:30.0265 21868 ql1240 - ok 08:24:30.0281 21868 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 08:24:30.0375 21868 ql1280 - ok 08:24:30.0421 21868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 08:24:30.0531 21868 RasAcd - ok 08:24:30.0671 21868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 08:24:30.0828 21868 Rasl2tp - ok 08:24:30.0859 21868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 08:24:31.0000 21868 RasPppoe - ok 08:24:31.0125 21868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 08:24:31.0265 21868 Raspti - ok 08:24:31.0296 21868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 08:24:31.0390 21868 Rdbss - ok 08:24:31.0625 21868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 08:24:31.0718 21868 RDPCDD - ok 08:24:31.0812 21868 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 08:24:31.0906 21868 rdpdr - ok 08:24:32.0015 21868 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 08:24:32.0125 21868 RDPWD - ok 08:24:32.0234 21868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 08:24:32.0390 21868 redbook - ok 08:24:32.0625 21868 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys 08:24:33.0046 21868 SAVRT - ok 08:24:33.0046 21868 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys 08:24:33.0062 21868 SAVRTPEL - ok 08:24:33.0218 21868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 08:24:33.0296 21868 Secdrv - ok 08:24:33.0906 21868 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys 08:24:35.0203 21868 SenFiltService - ok 08:24:35.0750 21868 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 08:24:36.0218 21868 Serenum - ok 08:24:36.0578 21868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 08:24:37.0156 21868 Serial - ok 08:24:37.0828 21868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 08:24:38.0031 21868 Sfloppy - ok 08:24:38.0375 21868 Simbad - ok 08:24:38.0750 21868 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 08:24:39.0281 21868 sisagp - ok 08:24:39.0500 21868 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 08:24:39.0828 21868 Sparrow - ok 08:24:40.0546 21868 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 08:24:41.0015 21868 SPBBCDrv - ok 08:24:41.0328 21868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 08:24:41.0421 21868 splitter - ok 08:24:41.0843 21868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 08:24:42.0078 21868 sr - ok 08:24:42.0265 21868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 08:24:42.0343 21868 Srv - ok 08:24:42.0656 21868 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 08:24:42.0750 21868 StillCam - ok 08:24:42.0875 21868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 08:24:42.0984 21868 swenum - ok 08:24:43.0031 21868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 08:24:43.0156 21868 swmidi - ok 08:24:43.0234 21868 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 08:24:43.0312 21868 symc810 - ok 08:24:43.0468 21868 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 08:24:43.0578 21868 symc8xx - ok 08:24:43.0703 21868 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS 08:24:43.0718 21868 SymEvent - ok 08:24:43.0875 21868 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 08:24:43.0890 21868 SYMREDRV - ok 08:24:43.0937 21868 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 08:24:43.0968 21868 SYMTDI - ok 08:24:44.0015 21868 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 08:24:44.0125 21868 sym_hi - ok 08:24:44.0250 21868 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 08:24:44.0343 21868 sym_u3 - ok 08:24:44.0406 21868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 08:24:44.0484 21868 sysaudio - ok 08:24:44.0546 21868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:24:44.0640 21868 Tcpip - ok 08:24:44.0781 21868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 08:24:44.0890 21868 TDPIPE - ok 08:24:44.0921 21868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 08:24:45.0031 21868 TDTCP - ok 08:24:45.0218 21868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 08:24:45.0296 21868 TermDD - ok 08:24:45.0343 21868 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 08:24:45.0421 21868 TosIde - ok 08:24:45.0421 21868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 08:24:45.0531 21868 Udfs - ok 08:24:45.0703 21868 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 08:24:45.0781 21868 ultra - ok 08:24:45.0843 21868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 08:24:45.0937 21868 Update - ok 08:24:46.0000 21868 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 08:24:46.0093 21868 usbaudio - ok 08:24:46.0250 21868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:24:46.0343 21868 usbccgp - ok 08:24:46.0359 21868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:24:46.0453 21868 usbehci - ok 08:24:46.0484 21868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:24:46.0625 21868 usbhub - ok 08:24:46.0812 21868 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 08:24:46.0921 21868 usbprint - ok 08:24:46.0968 21868 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:24:47.0093 21868 USBSTOR - ok 08:24:47.0265 21868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 08:24:47.0343 21868 usbuhci - ok 08:24:47.0390 21868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 08:24:47.0500 21868 VgaSave - ok 08:24:47.0546 21868 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 08:24:47.0656 21868 viaagp - ok 08:24:47.0812 21868 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 08:24:47.0921 21868 ViaIde - ok 08:24:47.0968 21868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 08:24:48.0046 21868 VolSnap - ok 08:24:48.0078 21868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:24:48.0171 21868 Wanarp - ok 08:24:48.0281 21868 WDICA - ok 08:24:48.0328 21868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 08:24:48.0437 21868 wdmaud - ok 08:24:48.0500 21868 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 08:24:48.0578 21868 WudfPf - ok 08:24:48.0718 21868 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 08:24:48.0765 21868 WudfRd - ok 08:24:48.0796 21868 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 08:24:48.0937 21868 \Device\Harddisk0\DR0 - ok 08:24:48.0953 21868 Boot (0x1200) (16badcaa3effd48fd4611e2ee3f6ce97) \Device\Harddisk0\DR0\Partition0 08:24:48.0953 21868 \Device\Harddisk0\DR0\Partition0 - ok 08:24:48.0953 21868 ============================================================ 08:24:48.0953 21868 Scan finished 08:24:48.0953 21868 ============================================================ 08:24:49.0078 7808 Detected object count: 1 08:24:49.0078 7808 Actual detected object count: 1 08:24:52.0578 7808 IPSec ( ForgedFile.Multi.Generic ) - skipped by user 08:24:52.0578 7808 IPSec ( ForgedFile.Multi.Generic ) - User select action: Skip
  14. I am working on a Work Computer that was hit with Antivirus 2011 XP, I got most of the virus removed, including scheduled tasks, and a some leftover processes that were still trying to run. But I am now in the aftermath trying to get the PC back up to full speed. I notice ping.exe running through Procexp, it is started by SVCHOST, it is using over half the CPU, this isnt a process I am familiar with. When searching google for anything related to malware/rogues it redirects. Occasionally I get IE windows that start out of nowhere, even when noones around the PC that all lead to where google redirects. Could not run DDS.SCR (It would hang 20+ min) so I ran Trend Micro's Version Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:36:20 PM, on 12/12/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17103) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nuance\PaperPort\pptd40nt.exe C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe C:\Program Files\ControlCenter4\BrCtrlCntr.exe C:\Program Files\Brother\Brmfl10f\FAXRX.exe C:\Program Files\ControlCenter4\BrCcUxSys.exe C:\Documents and Settings\Sell Paint\My Documents\Downloads\procexp.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Sell Paint\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081206 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun O4 - HKLM\..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler O4 - HKCU\..\Run: [C1B4EA6258B471429F2BABC4CB93DC4907C989B4._service_run] "C:\Documents and Settings\Sell Paint\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl10f\FAXRX.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: reports.comcept.net O15 - Trusted Zone: reports1.comcept.net O15 - Trusted Zone: reports2.comcept.net O15 - Trusted Zone: reports3.comcept.net O15 - Trusted Zone: reports4.comcept.net O15 - Trusted Zone: reports5.comcept.net O15 - Trusted Zone: reports6.comcept.net O15 - Trusted Zone: reports7.comcept.net O15 - Trusted Zone: reports8.comcept.net O15 - Trusted Zone: reports9.comcept.net O15 - Trusted Zone: *.comcept.net O15 - Trusted Zone: *.comcept.us O15 - Trusted Zone: *.orderlinx.net O16 - DPF: {6C9BF525-DA4D-4BB6-BD92-47FBDDB42DF5} (TaxCalculator.CTaxer) - http://prod.comcept.net/ActiveX/TaxerCalculator.CAB O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {9E8EBAA8-573C-45D2-A64C-DD93489744DE} (MTMicrImage.MicrImage) - https://businesscenter.intuit.com/objects/mtmicrimage.cab O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://reports2.comcept.net/Viewer/activexviewer.cab O16 - DPF: {D312963A-D83D-4766-AB92-DD5A30D5EF95} (CMSProdActiveX.XMLLoad) - http://prod.comcept.net/ActiveX/CMSProdActiveX.CAB O16 - DPF: {F90D47D0-F243-49B3-9E7B-F2D49567E626} (IEPrntCtl Class) - http://prod.comcept.net/ActiveX/IEPrintControl.ocx O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 10091 bytes