
JS/Tufift.A and JS/Iframe.BU [Solved]


37 replies to this topic

#1 rmfred (Authentic Member, 26 posts)

Posted 14 October 2012 - 10:15 AM

The two items referenced in the topic title were found on my machine. My anti-virus software (Sophos) did not find them but Microsoft Security Essentials did. What is strange is that MSE did a scan on Friday Oct 12 & didn't report anything. I then installed the Windows Update items that MS released on Tue Oct 9th & MSE immediately did another scan on restart of OS after which it reported the two items. One of the items (js/tufift.a) was found on an external drive; further investigation showed that MSE had originally found this on the external drive back in July (but it didn't show up when the scan was originally run). The second item was on the C: drive but was originally found in August but again didn't show when the scan was originally run. Looking at the log file shows both items were quarantined when found. Both items were found in Firefox profiles, albeit in different ones on the external vs internal drives. I instructed MSE to remove them and ran another MSE scan and it returned clean. I ran another Sophos scan and it returned clean as well. I am not experiencing any strange behavior on this machine, but since these items were found I am skeptical as to whether I am "out of the woods" or not. Would appreciate those more savvy than I to take a look. I ran HijackThis and the results are as follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:09 AM, on 10/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LMabcoms.exe
C:\Documents and Settings\rmfred\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rmfred\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...DT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI7967~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\rmfred\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-843312985-487402592-91182677-1109\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-21-290913236-528315964-866732382-500 Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'Administrator')
O4 - S-1-5-21-290913236-528315964-866732382-500 Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'Administrator')
O4 - S-1-5-21-290913236-528315964-866732382-500 User Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'Administrator')
O4 - S-1-5-21-290913236-528315964-866732382-500 User Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'Administrator')
O4 - S-1-5-21-843312985-487402592-91182677-1109 Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User '?')
O4 - S-1-5-21-843312985-487402592-91182677-1109 Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User '?')
O4 - S-1-5-21-843312985-487402592-91182677-500 Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User '?')
O4 - S-1-5-21-843312985-487402592-91182677-500 Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI7967~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Documents and Settings\rmfred\Local Settings\Application Data\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Documents and Settings\rmfred\Local Settings\Application Data\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI7967~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\rmfred\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\rmfred\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos\web intelligence\swi_ifslsp.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1262041079509
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1347905419839
O16 - DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} (OBXPopupBlockerAssistant Control) - http://mcarimgweb01....ex/OBXPopup.cab
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} (JInitiator 1.3.1.17) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://firestreamww...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redhorse.local
O17 - HKLM\Software\..\Telephony: DomainName = redhorse.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{31B081FD-EF8C-4058-9792-0D57D444E950}: NameServer = 216.67.153.137,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redhorse.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SYSTEM32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SYSTEM32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Condusiv Technologies - C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HPWJA Service (HPWJAService) - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
O23 - Service: HPWSProAdapter - Hewlett-Packard - C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lmab_device - - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Limited - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Limited - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Sophos Web Intelligence Update (swi_update) - Sophos Limited - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe
O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/rmfred/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 14752 bytes


THANKS in advance for any help you might be able to provide.


#2 Robybel (SuperMember, Visiting Fellow, 1,536 posts)

Posted 15 October 2012 - 07:05 AM

Hi and Welcome!! rmfred :)
My name is Robybel. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.


IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! :thumbup:
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

#3 Robybel (SuperMember, Visiting Fellow, 1,536 posts)

Posted 15 October 2012 - 09:53 AM

Hi rmfred ;)

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

Next

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


On your next reply please post :
  • OTL.txt
  • Extras.txt
  • aswMBR report

Let me know if you have any problems performing the steps above or any questions you may have.

Good Day! :wavey:
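As an added example (my own code, not OTL's and not from anyone in this thread), the PowerShell script below performs the two checks the custom scan above asks OTL for: it walks the svchost netsvcs group and reports each hosted service's ServiceDll, MD5 and embedded signature status, then hashes the five core binaries listed between /md5start and /md5stop. It assumes the standard registry locations for the svchost group (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost) and for service Parameters keys, and should be run from an elevated PowerShell.

```powershell
# Added example (not OTL's code): defender-side check of the svchost netsvcs
# group and of the core system binaries, mirroring the OTL custom scan items.
# Assumes the standard registry layout; uses .NET MD5 so it also runs on the
# PowerShell 2.0 available for Windows XP.

function Get-FileMd5 {
    param([Parameter(Mandatory=$true)][string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

function Get-NetsvcsReport {
    # netsvcs is a REG_MULTI_SZ naming every service svchost may host in that
    # group; a name here whose ServiceDll is unsigned or missing deserves a look.
    $groupKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $names = (Get-ItemProperty -Path $groupKey -Name netsvcs).netsvcs
    foreach ($name in $names) {
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $dll = $null
        if (Test-Path "$svcKey\Parameters") {
            $dll = (Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        }
        $resolved = $null
        if ($dll) {
            $resolved = [System.Environment]::ExpandEnvironmentVariables($dll)
        }
        $status = 'no ServiceDll (not installed or not a hosted service)'
        $md5 = ''
        $signature = ''
        if ($resolved) {
            if (Test-Path $resolved) {
                $md5 = Get-FileMd5 -Path $resolved
                # Embedded Authenticode only; see the note below about catalog signing.
                $signature = (Get-AuthenticodeSignature -FilePath $resolved).Status
                $status = 'present'
            } else {
                $status = 'ServiceDll MISSING on disk'
            }
        }
        New-Object PSObject -Property @{
            Service    = $name
            ServiceDll = $resolved
            Status     = $status
            MD5        = $md5
            Signature  = $signature
        }
    }
}

function Get-CoreBinaryReport {
    # Same files as the /md5start ... /md5stop block of the OTL custom scan;
    # each is checked in both %SystemRoot% and %SystemRoot%\system32, because a
    # copy in the wrong directory is itself a finding.
    $files = 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe', 'services.exe'
    foreach ($f in $files) {
        $candidates = @(
            (Join-Path $env:SystemRoot $f),
            (Join-Path $env:SystemRoot "system32\$f")
        )
        foreach ($p in $candidates) {
            if (Test-Path $p) {
                New-Object PSObject -Property @{
                    Path      = $p
                    MD5       = Get-FileMd5 -Path $p
                    Signature = (Get-AuthenticodeSignature -FilePath $p).Status
                }
            }
        }
    }
}

Get-NetsvcsReport | Sort-Object Status | Format-Table Service, Status, Signature, MD5, ServiceDll -AutoSize
Get-CoreBinaryReport | Format-Table Path, Signature, MD5 -AutoSize
```

On PowerShell versions before 5.1 the Signature column reflects embedded signatures only, so catalog-signed Windows binaries show NotSigned; compare the MD5 values against a known-good copy from the same Windows XP SP3 build rather than relying on that column alone.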

#4 rmfred (Authentic Member, 26 posts)

Posted 15 October 2012 - 12:19 PM

OTL.Txt results:
OTL logfile created on: 10/15/2012 10:09:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\rmfred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
2.58 Gb Paging File | 1.97 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.86 Gb Free Space | 50.80% Space Free | Partition Type: NTFS
Drive P: | 33.16 Gb Total Space | 30.78 Gb Free Space | 92.81% Space Free | Partition Type: NTFS
Drive S: | 232.88 Gb Total Space | 192.36 Gb Free Space | 82.60% Space Free | Partition Type: NTFS
Drive Z: | 928.30 Gb Total Space | 928.19 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: RICKFRED | User Name: rmfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\rmfred\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
PRC - C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (Condusiv Technologies)
PRC - C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe ()
PRC - C:\Documents and Settings\rmfred\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lmabcoms.exe ( )
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Sophos\Remote Management System\ssleay32.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_Security.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\libeay32.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ace.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\Program Files\Condusiv Technologies\Diskeeper\DK_Net.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Wyse\PocketCloud Windows Companion\AetherCommLib.dll ()
MOD - C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe ()
MOD - C:\Program Files\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (Sophos Message Router) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
SRV - (Sophos Agent) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (swi_update) -- C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (HPWJAService) -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Diskeeper) -- C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (Condusiv Technologies)
SRV - (HPWSProAdapter) -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe (Hewlett-Packard)
SRV - (WysePocketCloud) -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe ()
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (lmab_device) -- C:\WINDOWS\system32\lmabcoms.exe ( )
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (iAimTV2) -- System32\DRIVERS\wATV03nt.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz135) -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (sdcfilter) -- C:\WINDOWS\system32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Limited)
DRV - (SKMScan) -- C:\WINDOWS\system32\drivers\skmscan.sys (Sophos Plc)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Limited)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (DKTLFSMF) -- C:\WINDOWS\system32\drivers\DKTLFSMF.sys (Condusiv Technologies)
DRV - (DKRtWrt) -- C:\WINDOWS\system32\drivers\DKRtWrt.sys (Condusiv Technologies)
DRV - (DKDFM) -- C:\WINDOWS\system32\drivers\DKDFM.sys (Condusiv Technologies)
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (nlem32nt) -- C:\WINDOWS\System32\drivers\nlem32nt.sys ()
DRV - (Motousbnet) -- C:\WINDOWS\system32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\WINDOWS\system32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\WINDOWS\system32\drivers\motfilt.sys (Motorola Inc)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Logix4u)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (iomdisk) -- C:\WINDOWS\system32\drivers\IomDisk.sys (Iomega Corporation)
DRV - (cpqdfw) -- C:\WINDOWS\system32\drivers\Cpqdfw.sys ()
DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{44475ACF-AC79-4352-B49B-5C569BA1927D}: "URL" = http://www.google.co...q={searchTerms}
IE - HKLM\..\SearchScopes\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}: "URL" = http://www.live.com/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...DT/0409/bl8.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...amp;Form=IE8SRC
IE - HKCU\..\SearchScopes\{44475ACF-AC79-4352-B49B-5C569BA1927D}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}: "URL" = http://www.live.com/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1
FF - prefs.js..extensions.enabledAddons: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.5.9
FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.3.5
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8.1
FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.73.0
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\rmfred\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/17 11:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 12:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 12:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/17 11:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/08/17 11:41:47 | 000,000,000 | ---D | M]

[2010/04/02 14:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Extensions
[2010/04/02 14:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/10 09:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions
[2012/07/31 12:34:51 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012/08/27 17:09:57 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012/08/17 14:52:22 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/08/05 09:30:16 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/07/31 12:35:05 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/07/31 12:35:07 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2012/07/31 12:35:08 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/07/31 13:19:59 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\support@lastpass.com
[2012/10/10 09:39:00 | 001,626,141 | ---- | M] () (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\firebug@software.joehewitt.com.xpi
[2011/08/27 12:19:00 | 000,028,993 | ---- | M] () (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012/05/10 16:15:46 | 000,527,037 | ---- | M] () (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012/10/05 09:39:33 | 000,341,143 | ---- | M] () (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/09/12 14:36:18 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/09/07 12:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 12:24:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2009/11/11 13:05:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/09/07 12:27:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/01/14 14:49:32 | 000,053,336 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13117.dll
[2012/08/17 11:37:29 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/30 08:47:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/30 08:47:39 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\rmfred\Application Data\Mozilla\plugins\npatgpc.dll
CHR - plugin: Oracle JInitiator (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPJinit13117.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\rmfred\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail Attachments To Drive = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epoohehjbaenldfbahgcegdmlogakgin\1.3.7_0\
CHR - Extension: LastPass = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.12_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/02/20 15:00:34 | 000,381,367 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13139 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\rmfred\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownnotificationflags = -1014642277
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: LastPass - file://C:\Documents and Settings\rmfred\Local Settings\Application Data\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Documents and Settings\rmfred\Local Settings\Application Data\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\rmfred\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\rmfred\Desktop\PartyPoker.lnk File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262041079509 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1347905419839 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} http://mcarimgweb01....ex/OBXPopup.cab (OBXPopupBlockerAssistant Control)
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.17)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://firestreamww...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redhorse.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B081FD-EF8C-4058-9792-0D57D444E950}: NameServer = 216.67.153.137,8.8.8.8
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/rmfred/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07d25a95-bb39-11dd-aecd-0002e3354d98}\Shell - "" = AutoRun
O33 - MountPoints2\{07d25a95-bb39-11dd-aecd-0002e3354d98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07d25a95-bb39-11dd-aecd-0002e3354d98}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/15 10:04:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rmfred\Desktop\OTL.exe
[2012/10/12 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rmfred\Local Settings\Application Data\Condusiv_Technologies
[2012/10/12 13:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rmfred\Application Data\Condusiv_Technologies
[2012/10/06 09:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/10/06 09:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2012/10/03 17:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rmfred\Start Menu\Programs\Sage Software
[2010/12/16 17:30:17 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/15 10:04:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rmfred\Desktop\OTL.exe
[2012/10/15 09:55:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-290913236-528315964-866732382-1005UA.job
[2012/10/15 09:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/15 09:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 00:55:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-290913236-528315964-866732382-1005Core.job
[2012/10/15 00:48:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/14 18:09:03 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/10/14 12:16:07 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/13 01:00:00 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Remove.job
[2012/10/12 13:34:58 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/12 12:12:09 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-290913236-528315964-866732382-1005.job
[2012/10/12 12:11:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-290913236-528315964-866732382-1005.job
[2012/10/12 12:11:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/12 12:04:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/12 12:04:37 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 11:35:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/10 16:02:28 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\rmfred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/09 06:52:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 06:52:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/06 09:54:56 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/06 09:30:02 | 207,900,214 | ---- | M] () -- C:\Documents and Settings\rmfred\My Documents\reg backup 100612.reg
[2012/10/04 13:09:15 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/26 18:09:05 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2012/09/26 18:09:05 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2012/09/17 12:34:24 | 000,604,496 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/17 12:34:24 | 000,121,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/12 12:03:30 | 001,103,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/06 09:52:20 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/06 09:27:29 | 207,900,214 | ---- | C] () -- C:\Documents and Settings\rmfred\My Documents\reg backup 100612.reg
[2012/10/04 13:23:36 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/20 10:25:15 | 000,000,530 | ---- | C] () -- C:\WINDOWS\tasks\Remove.job
[2012/03/30 11:00:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT11.ini
[2012/02/16 00:04:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/11 11:58:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/07 16:08:23 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/04/02 09:05:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2011/03/03 16:46:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/14 17:49:17 | 000,000,484 | ---- | C] () -- C:\WINDOWS\hardwaretracker.ini
[2010/10/13 16:23:57 | 000,812,032 | ---- | C] () -- C:\Documents and Settings\rmfred\Application Data\SharedSettings.ccs
[2010/05/24 11:12:01 | 000,025,755 | ---- | C] () -- C:\Documents and Settings\rmfred\srbuttons-https---reports-mclaneco-com-ddrint-content-.jar
[2010/05/24 11:12:01 | 000,025,601 | ---- | C] () -- C:\Documents and Settings\rmfred\srbuttons-https---reports-mclaneco-com-ddrint-content-.jar.bak
[2010/05/24 11:12:01 | 000,014,445 | ---- | C] () -- C:\Documents and Settings\rmfred\dpbuttons-https---reports-mclaneco-com-ddrint-content-.jar
[2010/05/24 11:12:01 | 000,014,291 | ---- | C] () -- C:\Documents and Settings\rmfred\dpbuttons-https---reports-mclaneco-com-ddrint-content-.jar.bak
[2010/05/24 11:12:00 | 000,016,122 | ---- | C] () -- C:\Documents and Settings\rmfred\eebuttons-https---reports-mclaneco-com-ddrint-content-.jar
[2010/05/24 11:12:00 | 000,015,968 | ---- | C] () -- C:\Documents and Settings\rmfred\eebuttons-https---reports-mclaneco-com-ddrint-content-.jar.bak
[2010/05/24 11:11:59 | 000,090,327 | ---- | C] () -- C:\Documents and Settings\rmfred\ddiimages-https---reports-mclaneco-com-ddrint-content-.jar.bak
[2010/05/24 11:11:58 | 000,090,481 | ---- | C] () -- C:\Documents and Settings\rmfred\ddiimages-https---reports-mclaneco-com-ddrint-content-.jar
[2010/03/04 17:55:16 | 000,000,436 | RHS- | C] () -- C:\Documents and Settings\rmfred\ntuser.pol
[2009/01/04 14:10:27 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÐÝÃÄ›.sys
[2007/04/03 16:56:46 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\rmfred\g2mdlhlpx.exe
[2007/03/06 13:45:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\rmfred\winscp.RND
[2006/12/19 12:00:59 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2006/12/12 16:26:33 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/06 18:49:49 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\rmfred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/04 10:34:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rmfred\.gtk-bookmarks
[2006/09/04 10:33:29 | 000,188,318 | ---- | C] () -- C:\Documents and Settings\rmfred\.fonts.cache-1
[2006/08/28 14:45:02 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\rmfred\Application Data\$_hpcst$.hpc
[2006/08/17 18:27:59 | 000,002,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2008/07/08 15:57:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SYSTEM32\shdocvw.dll -- [2011/02/17 07:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/16 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClearCloud
[2010/10/13 16:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software
[2012/06/29 15:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Condusiv Technologies
[2011/04/27 13:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GEOTAB
[2012/10/12 11:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/11/16 19:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raptivity Web Expert
[2010/06/15 09:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2012/10/12 13:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2012/07/25 13:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/11/16 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/15 09:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\9.0.0
[2006/08/21 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Active Disk
[2007/02/27 17:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Alien Skin
[2008/12/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Amazon
[2008/03/20 16:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Axialis
[2010/12/16 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\ClearCloud
[2012/01/09 15:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\CoffeeCup Software
[2012/10/12 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Condusiv_Technologies
[2011/07/20 17:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\CoreFTP
[2008/09/14 14:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\DNA
[2011/06/12 12:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Dropbox
[2012/07/12 12:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\FileZilla
[2011/04/27 11:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\GEOTAB
[2006/12/06 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\InterVideo
[2006/08/18 10:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Leadertech
[2009/12/16 13:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Mp3tag
[2011/08/15 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Notepad++
[2009/10/17 12:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\OpenOffice.org
[2006/12/17 13:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Opera
[2012/07/27 11:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Oracle
[2012/01/26 16:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Sage Group PLC - Sage North America
[2009/02/13 14:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\SanDisk
[2010/04/02 14:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Thunderbird
[2006/12/19 13:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Walgreens
[2012/04/24 11:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\webex
[2010/06/09 08:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Windows Desktop Search
[2010/10/28 11:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\Windows Search
[2008/12/01 13:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rmfred\Application Data\XnView

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 01:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 01:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3802110A
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: ST325082 4A USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 75.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 32256
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
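The "< MD5 for: ... >" blocks in the custom scan above list the hash of each core Windows binary next to the backup copies the OS keeps (dllcache, ServicePackFiles, hotfix uninstall folders). The point of that section is a single comparison: the live copy in system32 should hash identically to its reference copy; a live file with the same size and modification time as the reference but a different MD5 is the signature of an in-place patch, which is how ZeroAccess infects services.exe. The following is an added example written for this page, not code from the thread or from OTL: a small Python parser for those blocks that performs that comparison. The classification of reference and hotfix folders is an assumption about the Windows XP layout; the sample input is the SERVICES.EXE and SVCHOST.EXE blocks copied from the log above, plus one constructed line with a tampered hash to show what a hit looks like.

```python
"""Parse the '< MD5 for: NAME >' blocks of an OTL log and check each live copy of a
core Windows binary against the backup copies the OS keeps. A live file whose size
and timestamp match a backup copy but whose MD5 does not is the signature of an
in-place patch (what ZeroAccess does to services.exe). Added example, not OTL code."""
import re
from dataclasses import dataclass

# Sample input: the SERVICES.EXE and SVCHOST.EXE blocks exactly as they appear in the
# log above (raw string, so the backslashes are literal).
SAMPLE_LOG = r"""< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 01:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 01:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
"""

# Constructed tampering case (NOT from the log): the live svchost.exe keeps its size and
# timestamp but its hash no longer matches the ServicePackFiles copy.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\\WINDOWS\\system32\\svchost.exe",
    "MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\\WINDOWS\\system32\\svchost.exe")

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+?)\s*$")

# Assumption about the Windows XP layout: dllcache is what Windows File Protection
# restores from, ServicePackFiles is the next-best reference; the $-folders hold hotfix
# staging/uninstall copies of other versions and never the running binary.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\")
NON_LIVE_MARKERS = REFERENCE_DIRS + ("\\$hf_mig$\\", "\\$ntuninstall", "\\$ntservicepackuninstall$\\")


@dataclass(frozen=True)
class Copy:
    path: str
    md5: str
    size: int
    mtime: str


def parse_md5_blocks(text):
    """Map upper-cased file name -> list of Copy entries under its '< MD5 for: >' header."""
    blocks, current = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            blocks.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            blocks[current].append(Copy(
                path=entry.group("path"),
                md5=entry.group("md5").upper(),
                size=int(entry.group("size").replace(",", "")),
                mtime=entry.group("mtime").strip()))
    return blocks


def reference_rank(path):
    """0 for dllcache, 1 for ServicePackFiles, None if the path is not a reference copy."""
    lowered = path.lower()
    for rank, marker in enumerate(REFERENCE_DIRS):
        if marker in lowered:
            return rank
    return None


def is_live(path):
    lowered = path.lower()
    return not any(marker in lowered for marker in NON_LIVE_MARKERS)


def check_live_copies(blocks):
    """One (name, live_path, verdict) per live copy, in file-name order.
    ok         : MD5 matches a reference copy
    patched?   : same size and timestamp as a reference copy, different MD5
    unverified : no reference copy of the same version to compare against"""
    results = []
    for name, copies in sorted(blocks.items()):
        refs = sorted((c for c in copies if reference_rank(c.path) is not None),
                      key=lambda c: reference_rank(c.path))
        for live in (c for c in copies if is_live(c.path)):
            verdict = "unverified"
            for ref in refs:
                if ref.md5 == live.md5:
                    verdict = "ok"
                    break
                if ref.size == live.size and ref.mtime == live.mtime:
                    verdict = "patched?"
                    break
            results.append((name, live.path, verdict))
    return results


def suspicious(results):
    return [r for r in results if r[2] == "patched?"]


if __name__ == "__main__":
    for log in (SAMPLE_LOG, TAMPERED_LOG):
        for name, path, verdict in check_live_copies(parse_md5_blocks(log)):
            print(f"{verdict:10s} {name:13s} {path}")
        print("--")
```

Run against the blocks from this log, every live copy (explorer.exe, services.exe, svchost.exe, userinit.exe, winlogon.exe) comes back "ok", which is the same conclusion a helper draws by eye from the listing above. Two caveats a practitioner would keep in mind: a differing hash between the live file and the $hf_mig$ or $NtUninstall copies is normal (those are other versions, which is why the script ignores them), and a match against dllcache is only as trustworthy as dllcache itself, so on a machine that is actually suspected of a ZeroAccess infection the hashes should be recomputed from a clean boot rather than read from a log the infected system produced.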

#5 rmfred (Authentic Member, 26 posts)

Posted 15 October 2012 - 12:20 PM

Extras.Txt results:

OTL Extras logfile created on: 10/15/2012 10:09:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\rmfred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
2.58 Gb Paging File | 1.97 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 37.86 Gb Free Space | 50.80% Space Free | Partition Type: NTFS
Drive P: | 33.16 Gb Total Space | 30.78 Gb Free Space | 92.81% Space Free | Partition Type: NTFS
Drive S: | 232.88 Gb Total Space | 192.36 Gb Free Space | 82.60% Space Free | Partition Type: NTFS
Drive Z: | 928.30 Gb Total Space | 928.19 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: RICKFRED | User Name: rmfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App -- (Core FTP)
"C:\Program Files\xampp\apache\bin\apache.exe" = C:\Program Files\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server
"C:\Program Files\xampp\mysql\bin\mysqld.exe" = C:\Program Files\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\xampp\apache\bin\apache.exe" = C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Program Files\FtpPassword\FtpPsw.exe" = C:\Program Files\FtpPassword\FtpPsw.exe:*:Enabled:Ftppsw
"C:\Documents and Settings\rmfred\Desktop\fpr-small\fpr.exe" = C:\Documents and Settings\rmfred\Desktop\fpr-small\fpr.exe:*:Enabled:FTP Password Recovery
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"D:\setup\hppapd.exe" = D:\setup\hppapd.exe:*:Enabled:hppapd.exe
"D:\setup\hpntwkexe.exe" = D:\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\lmabcoms.exe" = C:\WINDOWS\system32\lmabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- ( )
"C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE" = C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE:*:Enabled:Lexmark Status Messenger -- ( )
"C:\Documents and Settings\rmfred\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\rmfred\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\VLCM\vBackup\BackupMonitor.exe" = C:\Program Files\VLCM\vBackup\BackupMonitor.exe:*:Enabled:BackupMonitor.exe
"C:\Program Files\VLCM\vBackup\BackupStatusIcon.exe" = C:\Program Files\VLCM\vBackup\BackupStatusIcon.exe:*:Enabled:BackupStatusIcon.exe
"C:\Program Files\Microsoft Office 2010\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office 2010\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\rmfred\My Documents\Downloads\solutoinstaller-_wCj4y9GZr13.exe" = C:\Documents and Settings\rmfred\My Documents\Downloads\solutoinstaller-_wCj4y9GZr13.exe:*:Enabled:SolutoInstaller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:HP Installer Network Plug in
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App -- (Core FTP)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00100409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1881AE03-2BD4-11D4-86BF-00508B10AA88}" = Diagnostics for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20630D4E-4E7B-4589-8F70-89B5965D1487}" = PocketCloud Windows Companion
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPWJA)
"{324F388E-4F28-42D6-ADD1-9AB27D249523}" = WD Discovery Software
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BC341BD-3736-45F0-B0E0-5664792AC528}" = HP Care Pack Core
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48CABD59-C04D-4AE0-AB05-331787E336E6}" = EMET
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A760E88-A69A-4AA2-B4CA-CC51151A4265}" = Diskeeper 12 Professional
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7279647E-8661-48DF-998E-E7DCC3E6955D}" = Microsoft Office Live Meeting 2005
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7FCBED5C-8C0F-43FA-9880-E3BBCE81FEF0}" = CoffeeCup Web Form Builder
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{832BC6DE-D025-4EDB-84A8-E3AFA2EF1507}" = HP Web Jetadmin 10.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9520DDEB-237A-41DB-AA20-F2EF2360DCEB}" = Microsoft Online Services Sign-in Assistant
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D34DBEF-C329-426E-B07E-2C772F8463D9}" = Web Image Studio
"{A0DB4D2C-E85B-4C23-A4F2-F1B95D3C3BE8}" = Crystal Reports 10 for Sage
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BD1100-CB69-47AF-A1A8-925D46235F35}" = Raptivity Web Expert Essential Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D3397488-6A10-4972-A4B5-1CA41FBDB25A}" = Opera 11.60
"{DEE1F5B5-4213-4626-BE8F-B90687196682}" = Raptivity Web Expert
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E65E7559-55BC-46C5-B14D-11A609960B3E}" = Sage Abra Suite Components
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB29B583-945C-4094-BB4B-3A405574C560}" = Motorola Mobile Drivers Installation 5.0.0
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"ActiveTouchMeetingClient" = WebEx
"Adaptive Server Anywhere 6.0" = Sybase Adaptive Server Anywhere 6.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advantage Energy Software" = Advantage Energy Software
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CoffeeCup Flash FireStarter" = CoffeeCup Flash FireStarter
"CoffeeCup LockBox" = CoffeeCup LockBox
"CoffeeCup Shopping Cart Creator Pro 3.8.3845" = CoffeeCup Shopping Cart Creator Pro
"CoffeeCup Shopping Cart Designer Pro 3.8" = CoffeeCup Shopping Cart Designer Pro
"CoffeeCup Web Video Player - Registered" = CoffeeCup Web Video Player - Registered
"Core FTP LE 1.3c" = Core FTP LE 1.3c
"FileZilla Client" = FileZilla Client 3.5.3
"Gasboy MCE for Windows_is1" = Gasboy MCE for Windows V01.0.02
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"ie8" = Windows Internet Explorer 8
"IomegaWare" = IomegaWare 4.0.2
"JellyFish Light 3.5" = JellyFish Light 3.5
"LastPass" = LastPass (uninstall only)
"Legacy 6.0" = Legacy 6.0
"Lexmark_HostCD" = Lexmark Software Uninstall
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 16.0 (x86 en-US)" = Mozilla Thunderbird 16.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetLib Encryptionizer DE Distribution-2008.6.22.0" = NetLib Encryptionizer DE Distribution
"NetUtils" = NetUtils
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Oracle JInitiator 1.3.1.17" = Oracle JInitiator 1.3.1.17
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"Sophos-DiagnosticUtility" = Sophos Diagnostic Utility
"StorageSync" = StorageSync Backup Software
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2009" = TaxACT 2009
"TaxACT 2010" = TaxACT 2010
"TaxACT 2011 - 1040 Edition" = TaxACT 2011 - 1040 Edition
"TinyTERM" = TinyTERM
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.13
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.6.3a

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Adobe Connect Add-in" = Adobe Connect Add-in
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"fc432f4d055db7e1" = Sage Abra Suite
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Sansa Updater" = Sansa Updater
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2012 7:57:35 PM | Computer Name = RICKFRED | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007003a). The specified server cannot perform the requested
operation. Enrollment will not be performed.

Error - 10/12/2012 12:01:06 AM | Computer Name = RICKFRED | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 10/12/2012 1:41:13 AM | Computer Name = RICKFRED | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 10/12/2012 5:18:23 AM | Computer Name = RICKFRED | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 10/12/2012 11:51:49 AM | Computer Name = RICKFRED | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 10/12/2012 11:57:37 AM | Computer Name = RICKFRED | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007003a). The specified server cannot perform the requested
operation. Enrollment will not be performed.

Error - 10/12/2012 6:01:31 PM | Computer Name = RICKFRED | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 10/14/2012 12:33:57 PM | Computer Name = RICKFRED | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 10/14/2012 2:22:06 PM | Computer Name = RICKFRED | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 10/14/2012 10:05:02 PM | Computer Name = RICKFRED | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007003a). The specified server cannot perform the requested
operation. Enrollment will not be performed.

[ System Events ]
Error - 10/6/2012 12:01:25 PM | Computer Name = RICKFRED | Source = Service Control Manager | ID = 7000
Description = The HPWSProAdapter service failed to start due to the following error:
%%1053

Error - 10/6/2012 12:24:05 PM | Computer Name = RICKFRED | Source = DCOM | ID = 10010
Description = The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register
with DCOM within the required timeout.

Error - 10/6/2012 12:30:15 PM | Computer Name = RICKFRED | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{31B081FD-EF8C-4058-9792-0D57D444E950}. The
backup browser is stopping.

Error - 10/12/2012 2:10:41 PM | Computer Name = RICKFRED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HPWJA Service service
to connect.

Error - 10/12/2012 2:10:41 PM | Computer Name = RICKFRED | Source = Service Control Manager | ID = 7000
Description = The HPWJA Service service failed to start due to the following error:
%%1053

Error - 10/12/2012 2:10:41 PM | Computer Name = RICKFRED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HPWSProAdapter service
to connect.

Error - 10/12/2012 2:10:41 PM | Computer Name = RICKFRED | Source = Service Control Manager | ID = 7000
Description = The HPWSProAdapter service failed to start due to the following error:
%%1053

Error - 10/12/2012 2:10:41 PM | Computer Name = RICKFRED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core
Service service to connect.

Error - 10/12/2012 2:10:41 PM | Computer Name = RICKFRED | Source = Service Control Manager | ID = 7000
Description = The Soluto PCGenome Core Service service failed to start due to the
following error: %%1053

Error - 10/14/2012 11:44:29 AM | Computer Name = RICKFRED | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain REDHORSE due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >

#6 rmfred

Posted 15 October 2012 - 05:37 PM

Sorry for the delay, but water construction cut all our phone lines, including our T1. Attached are the results of aswmbr.

Attached Files



#7 Robybel

Posted 16 October 2012 - 08:14 AM

Hi rmfred ;)

Thanks for your response :)

P2P Programs:

P2P programs are a major source of Malware infections.
From your log I see you have BitTorrent. We do not pass judgment on file-sharing; however, we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.

Information regarding the risk of using these programs can be found from here and here

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[screenshot of the ComboFix message]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


On your next reply please post :
  • Adw Cleaner report
  • Combofix log

Let me know if you have any problems in performing the steps above or any questions you may have.

Good Day! ;)
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

#8 rmfred

Posted 16 October 2012 - 01:59 PM

That is very interesting... I've never used BitTorrent - at least I don't recall doing so :) Can't find it as a program choice anywhere on my machine. Am downloading the programs now and will post back when finished.

#9 rmfred

Posted 16 October 2012 - 03:11 PM

adwcleaner results:

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 14:04:14
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : rmfred - RICKFRED
# Boot Mode : Normal
# Running from : C:\Documents and Settings\rmfred\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\rmfred\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.60.1185.0

File : C:\Documents and Settings\rmfred\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1262 octets] - [16/10/2012 14:04:14]

########## EOF - C:\AdwCleaner[S1].txt - [1322 octets] ##########

#10 rmfred

Posted 16 October 2012 - 04:09 PM

NOTE: During the running of ComboFix, PEV.exe encountered a problem. Results of ComboFix:

ComboFix 12-10-16.02 - rmfred 10/16/2012 15:35:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1298 [GMT -6:00]
Running from: c:\documents and settings\rmfred\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\All Users\Application Data\TEMP\MyExamples.dll
c:\documents and settings\All Users\Application Data\TEMP\MyFavorites.dll
c:\documents and settings\All Users\Application Data\TEMP\OrionLicense.xml
c:\documents and settings\rmfred\g2mdlhlpx.exe
c:\documents and settings\rmfred\SendTo\notepad.exe
c:\documents and settings\rmfred\WINDOWS
c:\windows\system32\231AE0CFA4.dll
c:\windows\system32\2477877.dat
c:\windows\system32\3701236.dat
c:\windows\system32\Cache
c:\windows\system32\SET60.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 21:23 . 2012-10-16 21:24 -------- d-----w- C:\Temp 1
2012-10-16 20:19 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A42BE5B9-DC75-42E7-A85B-FDB32A8B66A1}\mpengine.dll
2012-10-15 18:25 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-15 00:36 . 2012-10-15 23:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-10-12 19:18 . 2012-10-12 19:18 -------- d-----w- c:\documents and settings\rmfred\Local Settings\Application Data\Condusiv_Technologies
2012-10-12 19:18 . 2012-10-12 19:18 -------- d-----w- c:\documents and settings\rmfred\Application Data\Condusiv_Technologies
2012-10-06 15:47 . 2012-10-12 19:36 -------- d-----w- c:\program files\Soluto
2012-10-06 15:44 . 2012-10-12 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:52 . 2012-03-30 18:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 12:52 . 2012-03-30 18:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 04:03 . 2009-12-02 21:23 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2006-06-23 17:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2002-08-29 10:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2002-08-29 10:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2001-08-18 05:36 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2002-08-29 09:03 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 08:00 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-17 17:37 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-29 15:47 . 2010-12-16 23:30 10974280 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-07-27 18:06 . 2012-07-27 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-27 18:06 . 2010-04-15 19:30 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-27 17:43 . 2012-07-25 19:06 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-07-25 18:45 . 2011-03-28 19:47 33696 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2012-07-25 18:44 . 2006-09-06 23:11 24832 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2012-07-25 18:44 . 2012-07-25 18:44 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2012-07-25 18:44 . 2006-09-06 23:11 155392 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2012-07-25 18:44 . 2012-07-25 18:44 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2012-07-19 16:37 . 2010-01-21 00:53 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-19 16:37 . 2010-01-21 00:53 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-19 16:37 . 2010-01-21 00:53 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-19 16:37 . 2010-01-21 00:52 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-07 18:27 . 2012-09-07 18:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rmfred\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rmfred\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rmfred\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rmfred\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\rmfred\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-12-16 79872]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2012-08-08 900160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-17 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-16 10974280]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-16 10974280]
.
c:\documents and settings\administrator.REDHORSE\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-16 10974280]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-16 10974280]
.
c:\documents and settings\rmfred.REDHORSE\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-16 10974280]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-16 10974280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"shutdownnotificationflags"= -1014642277 (0xc385c99b)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-19 16:37 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2006-12-19 17:32 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
2012-07-27 20:51 1261512 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
2002-07-16 16:55 32768 ----a-w- c:\program files\Iomega\DriveIcons\deskup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-02 16:15 136176 ----atw- c:\documents and settings\rmfred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-26 22:13 1207080 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-01-23 10:05 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-12-24 03:47 618496 ----a-w- c:\program files\HP\DfaWep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-01-23 10:17 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
2002-08-13 20:30 86016 ----a-w- c:\program files\Iomega\DriveIcons\Imgicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 19:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PocketCloud Location]
2011-05-25 03:02 405504 ----a-w- c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 21:34 36864 ----a-w- c:\cpqs\scom\srmclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
2005-10-08 03:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-17 17:37 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 DKDFM;Device Filter Manager Driver;c:\windows\system32\drivers\DKDFM.sys [6/29/2012 3:17 PM 35120]
R0 DKTLFSMF;Telemetry File System Mini Filter Driver;c:\windows\system32\drivers\DKTLFSMF.sys [6/29/2012 3:17 PM 85328]
R0 nlem32nt;nlem32nt;c:\windows\system32\drivers\nlem32nt.sys [6/15/2010 9:29 AM 70424]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [9/6/2006 5:11 PM 155392]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [9/6/2006 5:11 PM 24832]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [7/25/2012 12:44 PM 31736]
R2 HPWSProAdapter;HPWSProAdapter;c:\program files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe [5/18/2012 8:30 PM 9728]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2/23/2011 5:13 AM 1578400]
R2 MSSQL$HPWJA;SQL Server (HPWJA);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [9/17/2012 7:57 AM 216640]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7/25/2012 12:44 PM 139840]
R2 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [7/25/2012 12:44 PM 357400]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [9/17/2012 7:57 AM 2863168]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [5/24/2011 9:02 PM 83456]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [6/29/2012 3:16 PM 44496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:36 AM 135664]
S2 HPWJAService;HPWJA Service;c:\program files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [6/29/2012 6:16 PM 45056]
S2 swi_update;Sophos Web Intelligence Update;c:\documents and settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe [7/25/2012 1:08 PM 1465920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 12:02 PM 250808]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [8/3/2011 6:10 PM 6016]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:36 AM 135664]
S3 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [11/14/2010 3:18 PM 374184]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/3/2011 6:10 PM 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/3/2011 6:10 PM 8320]
S3 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [1/27/2011 3:13 PM 226624]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [8/3/2011 6:10 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [8/3/2011 6:10 PM 9472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 8:39 AM 115168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [3/28/2011 1:47 PM 33696]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2/10/2012 2:21 PM 14976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SWI_UPDATE
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:52]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 17:36]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 17:36]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-290913236-528315964-866732382-1005Core.job
- c:\documents and settings\rmfred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 16:15]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-290913236-528315964-866732382-1005UA.job
- c:\documents and settings\rmfred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 16:15]
.
2012-10-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
.
2012-09-27 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
.
2012-10-16 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
.
2012-09-27 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27 21:14]
.
2012-10-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-290913236-528315964-866732382-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-10-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-290913236-528315964-866732382-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-10-13 c:\windows\Tasks\Remove.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-07-25 18:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\documents and settings\rmfred\Local Settings\Application Data\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\rmfred\Local Settings\Application Data\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MI7967~1\Office14\ONBttnIE.dll/105
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: Interfaces\{31B081FD-EF8C-4058-9792-0D57D444E950}: NameServer = 216.67.153.137,8.8.8.8
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://mcarimgweb01.mclaneco.com/ECdocs/activex/OBXPopup.cab
FF - ProfilePath - c:\documents and settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\
FF - ExtSQL: 2012-08-17 11:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-08-17 14:52; {4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\documents and settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - ExtSQL: 2012-10-05 09:39; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\rmfred\Application Data\Mozilla\Firefox\Profiles\skig6qty.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BackupStatusIcon - c:\program files\VLCM\vBackup\BackupStatusIcon.exe
MSConfigStartUp-Communicator - c:\program files\Microsoft Lync\communicator.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
AddRemove-Office14.SingleImage - c:\program files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-16 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\rmfred\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?.lnk?form=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\WININET.dll
c:\documents and settings\rmfred\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Condusiv Technologies\Diskeeper\DkService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LMabcoms.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Completion time: 2012-10-16 16:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 22:04
.
Pre-Run: 39,823,527,936 bytes free
Post-Run: 40,331,214,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - AFB25914197A87E7C5D4D68EABF84CBD


#11 Robybel

Posted 17 October 2012 - 10:21 AM

Hi rmfred ;)

Very good job :)

Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push Posted Image
:wavey:
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#12 rmfred

Posted 17 October 2012 - 04:45 PM

Don't know what all these programs are doing, but my machine is worse now (much slower) than when we started :( Here is the result of MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.17.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

10/17/2012 4:25:58 PM
mbam-log-2012-10-17 (16-25-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289675
Time elapsed: 16 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 Robybel

Posted 18 October 2012 - 05:51 AM

Hi rmfred ;)

I need you to complete the step outlined above and post the ESET scan results in your next reply.

Next

"I see from the logs that you have two antivirus products installed. Having more than one antivirus can cause slowdowns, conflicts and crashes. I suggest removing one of them via Programs and Features"

:wavey:

#14 rmfred

Posted 18 October 2012 - 08:02 AM

Results of EsetScan attached


#15 Robybel

Posted 18 October 2012 - 10:37 PM

Hi rmfred ;)

Run OTL

  • Open OTL again and click the Quick Scan button (don't check the boxes beside LOP Check or Purity this time)
  • Post the OTL.txt log it produces in your next reply.

Next

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Please let me know how your machine is running now

On your next reply please post :
  • OTL.txt
  • The answer to my question

Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
