
Search results being redirected and everything is going slooow...


  • This topic is locked
24 replies to this topic

#1 dex_og

  • Members
  • 14 posts

Posted 21 March 2009 - 10:22 AM

Any help here would be appreciated! I run Norton AV and Malwarebytes.....but all of a sudden my computer (shared with wife and little kids who like clicking on stuff) kept having some "vurys doctor" thing continually popping up, then search engine results would bring me random pages, then everything began to take much longer (as if the CPU was going crazy, which it wasn't), and the newest (today) is I keep getting (on start up and shut down) a read/write error to some 000000-XXXXX sequence.....so searching around I installed Spyware, but this didn't help....then I just installed HijackThis and now I am here....so here is this log thing....again, any help would be awesome!

One other thing....as a mitigation, or what I thought was one, I DL the new IE8.....not sure if this contributes to everything too....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:37 AM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://online.parker.com/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://dinocam.sdsmt.edu/activex/AxisCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
O18 - Filter hijack: text/html - {54ab753e-111e-49e7-832d-bdc53fa9c4ab} - C:\WINDOWS\system32\mst123.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12789 bytes

Edited by dex_og, 21 March 2009 - 10:27 AM.




#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 21 March 2009 - 11:05 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dex_og

  • Topic Starter

  • Members
  • 14 posts

Posted 21 March 2009 - 11:27 AM

OTListIt logfile created on: 3/21/2009 12:09:17 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 382.61 Mb Available Physical Memory | 39.92% Memory free
2.26 Gb Paging File | 1.73 Gb Available in Paging File | 76.46% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.53 Gb Total Space | 101.30 Gb Free Space | 71.58% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.66 Gb Free Space | 22.17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEX2
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/06/07 18:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/06/07 18:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2001/09/24 08:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2009/03/18 20:55:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/10/22 23:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2005/01/23 22:56:00 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/05/10 13:50:42 | 00,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
PRC - [2005/10/14 22:58:02 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2001/09/24 08:59:00 | 00,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/10/11 13:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
PRC - [2009/03/18 20:55:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/07/13 08:48:35 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/03 10:35:12 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001/09/24 08:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2001/09/24 08:59:00 | 00,352,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\SSC\NSCTOP.EXE
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
PRC - [2000/09/18 18:12:40 | 00,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\MsgSys.EXE
PRC - [2000/09/18 18:12:40 | 00,011,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\xfr.exe
PRC - [2004/11/02 19:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/09/07 09:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2005/06/08 00:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [1998/05/07 05:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2002/08/21 06:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/21 12:08:53 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 04:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/06/07 18:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2001/09/24 08:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ams_ii\hndlrsvc.exe -- (Intel Alert Handler [Auto | Running])
SRV - [2000/09/18 18:12:40 | 00,011,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\xfr.exe -- (Intel File Transfer [Auto | Running])
SRV - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS [Auto | Running])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/18 20:55:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/10/22 23:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service [Auto | Running])
SRV - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2001/09/24 08:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2001/09/24 08:59:00 | 00,352,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\SSC\NSCTOP.EXE -- (NSCTOP [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 15:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
SRV - [2004/11/02 19:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2005/04/20 07:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 10:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/06/07 18:44:36 | 01,235,968 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2003/11/05 11:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running])
DRV - [2005/04/14 17:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/01/08 17:18:18 | 00,013,992 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2005/03/09 14:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2002/10/15 15:03:34 | 00,043,024 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\lgatbus.sys -- (lgatbus [On_Demand | Stopped])
DRV - [2002/10/15 15:05:38 | 00,077,104 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\lgatmdm.sys -- (lgatmdm [On_Demand | Stopped])
DRV - [2002/10/15 15:07:30 | 00,060,816 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\lgatserd.sys -- (lgatserd [On_Demand | Stopped])
DRV - [2006/03/27 21:42:33 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/08/17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/05/03 13:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\DRIVERS\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
DRV - [2001/09/24 08:59:00 | 00,176,208 | ---- | M] () -- C:\Program Files\NavNT\NAVAP.sys -- (NAVAP [On_Demand | Running])
DRV - [2001/09/24 08:59:00 | 00,009,232 | ---- | M] () -- C:\Program Files\NavNT\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/03/18 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.006\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/18 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.006\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/11/15 16:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2005/07/04 01:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/04 01:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 05:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/03/04 07:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 18:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/01/25 02:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2001/09/24 04:29:00 | 00,057,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2003/12/22 13:28:18 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/18 20:55:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/21 01:17:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/21 01:17:51 | 00,000,000 | ---D | M]

[2008/08/27 23:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions
[2008/08/27 23:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/21 01:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\2ie6drz5.default\extensions
[2009/03/21 01:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\2ie6drz5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2007/08/03 23:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\2ie6drz5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2008/05/26 00:55:49 | 00,001,340 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\bbcnews.xml
[2009/03/15 21:05:49 | 00,001,412 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\bittorrent.xml
[2009/03/15 21:05:49 | 00,001,157 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\freedict.xml
[2008/06/22 22:45:51 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\jeeves.xml
[2009/03/15 21:05:49 | 00,002,143 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\marketwatch.xml
[2008/07/05 00:18:09 | 00,001,963 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\odeo.xml
[2009/03/15 21:05:49 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\weather.xml
[2008/06/22 22:45:59 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\wikipedia.xml
[2009/03/21 01:18:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/21 01:17:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/07 22:50:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/30 20:24:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/30 23:18:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/29 10:28:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/15 22:18:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/18 20:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/02/19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (784 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/download...ne_Inst_Win.cab (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://online.parker.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://dinocam.sdsmt.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/famil.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.disneyphotopass.com/software/ImageUploader4.cab (Image Uploader Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/14 23:12:54 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b61e463e-6b2a-11dd-a1a0-0015f2088c88}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/21 12:08:48 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/03/21 11:02:18 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2009/03/21 11:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/21 10:33:22 | 00,039,746 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\will hold mail.MDI
[2009/03/21 01:38:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/21 01:38:00 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2009/03/21 01:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/03/20 21:56:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/20 21:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/03/20 21:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
[2009/03/20 21:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/20 21:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/03/20 21:53:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/20 21:53:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/03/20 21:51:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/20 10:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/03/19 22:00:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/19 21:59:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/19 21:57:13 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\f23567.dat
[2009/03/19 21:56:54 | 00,013,824 | ---- | C] () -- C:\WINDOWS\System32\dll32.dll
[2009/03/19 21:56:54 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2935f44.dat
[2009/03/19 21:56:53 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g234sdfdfgjf23
[2009/03/19 21:56:52 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2951f44.dat
[2009/03/09 10:03:50 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\House Info.doc
[2009/03/08 18:36:31 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\picture_day_schedule_Tues-Wed[1].doc
[2009/03/08 14:22:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 04:33:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/06 14:37:38 | 01,277,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\CouponPrinter.exe
[2009/03/06 14:24:38 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Home away rental chart3_6.xls
[2009/02/21 12:42:41 | 00,005,632 | -HS- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Thumbs.db
[2009/02/20 16:56:18 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\rental contract.doc

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/21 12:08:53 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/03/21 11:02:18 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2009/03/21 10:33:23 | 00,039,746 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\will hold mail.MDI
[2009/03/21 10:19:48 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/21 10:19:29 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/03/21 10:16:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/21 10:16:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/21 10:16:39 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/21 10:11:51 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/21 01:38:00 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2009/03/21 01:07:05 | 00,000,777 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/21 01:07:05 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/21 01:07:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/20 22:01:27 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\desktop.ini
[2009/03/20 21:55:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/19 22:00:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/19 21:59:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/19 21:57:13 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\f23567.dat
[2009/03/19 21:56:55 | 00,013,824 | ---- | M] () -- C:\WINDOWS\System32\dll32.dll
[2009/03/19 21:56:54 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2935f44.dat
[2009/03/19 21:56:53 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g234sdfdfgjf23
[2009/03/19 21:56:52 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2951f44.dat
[2009/03/18 10:31:26 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hi889k6y7y.doc
[2009/03/13 14:51:58 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Home away rental chart3_6.xls
[2009/03/11 20:19:29 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 11:22:33 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\House Info.doc
[2009/03/09 15:13:51 | 00,445,694 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 15:13:51 | 00,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 15:13:51 | 00,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 10:30:04 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\rental contract.doc
[2009/03/08 18:36:31 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\picture_day_schedule_Tues-Wed[1].doc
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/03/08 04:35:10 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/03/08 04:34:48 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/03/08 04:33:48 | 00,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/03/08 04:32:52 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/03/08 04:24:28 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 04:22:46 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/03/08 04:15:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/03/06 14:37:38 | 01,277,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CouponPrinter.exe
[2009/02/28 00:55:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/21 12:42:41 | 00,005,632 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Thumbs.db
< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 21 March 2009 - 11:31 AM

How about the Gmer log? Please post it here as well once you run it.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 dex_og

dex_og
  • Topic Starter


Posted 21 March 2009 - 01:33 PM

GMER is still running......about 2+ hours now......I won't be able to post results until later (7pm or so).

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 21 March 2009 - 03:56 PM

Ok, no problem. I'll be around. :thumbup2:

#7 dex_og

dex_og
  • Topic Starter


Posted 21 March 2009 - 09:16 PM

Okay, here are the GMER results....


GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-21 22:09:52
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C59315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00D34832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00E4E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00E4DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00E4DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00E4DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00E4DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00E4E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00E4DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3892] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 04441088 C:\WINDOWS\system32\mst123.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D2DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00D2DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C91CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\defwatch.exe[160] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\system32\cba\pds.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Java\jre6\bin\jqs.exe[236] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[332] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[388] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\windows\system\hpsysdrv.exe[404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\sm56hlpr.exe[440] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[476] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\vptray.exe[504] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\HP\KBD\KBD.EXE[508] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00E45140
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E45140
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E4508C
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E45027
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E44FF5
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E45140
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00E456AB
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00E453F9
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E456AB
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E453F9
IAT C:\WINDOWS\system32\services.exe[584] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E456AB
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BB5140
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BB508C
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BB5027
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BB4FF5
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00BB508C
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BB5140
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00BB508C
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00BB5027
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BB53F9
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00BB56AB
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00BB56AB
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00BB53F9
IAT C:\WINDOWS\system32\lsass.exe[596] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BB56AB
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\Program Files\Windows Defender\MSASCui.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\svchost.exe[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A54FF5
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B55140
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B5508C
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B55027
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B54FF5
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B553F9
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00B556AB
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B556AB
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B553F9
IAT C:\WINDOWS\system32\svchost.exe[828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B556AB
IAT C:\WINDOWS\system32\svchost.exe[828] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B55140
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[872] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A65140
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A6508C
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A65027
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A64FF5
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00A656AB
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00A653F9
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A656AB
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00A653F9
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00A656AB
IAT C:\Program Files\Windows Defender\MsMpEng.exe[892] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00A65140
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01605140
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0160508C
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01605027
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01604FF5
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 016053F9
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 016056AB
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 016056AB
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 016053F9
IAT C:\WINDOWS\System32\svchost.exe[940] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 016056AB
IAT C:\WINDOWS\System32\svchost.exe[940] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01605140
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Java\jre6\bin\jusched.exe[968] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00635140
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0063508C
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00635027
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00634FF5
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 006353F9
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 006356AB
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 006356AB
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 006353F9
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 006356AB
IAT C:\WINDOWS\system32\svchost.exe[972] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00635140
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\DNA\btdna.exe[1008] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\QuickTime\qttask.exe[1144] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1196] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\rundll32.exe[1276] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085140
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0008508C
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00085027
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084FF5
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000853F9
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 000856AB
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 000856AB
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000853F9
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000856AB
IAT C:\WINDOWS\system32\ctfmon.exe[1376] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085140
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\NavNT\rtvscan.exe[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1568] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 015956AB
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01595140
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0159508C
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01595027
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01594FF5
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 015953F9
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 015956AB
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 015956AB
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 015956AB
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 015953F9
IAT C:\WINDOWS\Explorer.EXE[1668] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01595140
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\SSC\NSCTOP.EXE[1840] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Bonjour\mDNSResponder.exe[2040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\svchost.exe[2184] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2312] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\system32\ams_ii\hndlrsvc.exe[2372] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\system32\cba\xfr.exe[2496] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2588] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3092] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\System32\alg.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\WINDOWS\ALCXMNTR.EXE[3392] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\iTunes\iTunesHelper.exe[3800] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[3812] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017F18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\Internet Explorer\iexplore.exe[3892] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\Program Files\iPod\bin\iPodService.exe[3968] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040508C
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405027
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404FF5
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 004053F9
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004056AB
IAT C:\WINDOWS\system32\WISPTIS.EXE[4472] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405140
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135140
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013508C
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135027
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134FF5
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001353F9
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001356AB
IAT C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[10948] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135140

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\lowsec 0 bytes
File C:\WINDOWS\system32\lowsec\local.ds 18384 bytes
File C:\WINDOWS\system32\lowsec\user.ds 0 bytes
File C:\WINDOWS\system32\sdra64.exe 537600 bytes executable

---- EOF - GMER 1.0.15 ----


#8 dex_og

Posted 22 March 2009 - 09:37 AM

Okay, so now I think I did something bad/wrong......

I ran Malwarebytes and told it to delete what it found to be malware......computer works, but I can not access the internet (from either IE8 or Firefox).......I am on another PC right now....

The log says it deleted, upon restart, the following files:

local.ds (spyware.stolendata)
uer.dc (spyware.stolendata)
helper.dll (trojan.bho)
mst123.dll (trojan.agent) - It also said the memory module was infected
dll32.dll (backdoor.bot.Q) - It also said the memory module was infected
sdra64.exe (trojan.fakealert)
helper.sig (trojan.agent)

system32\lowsec (file deleted, spyware.stolendata)

2 registry keys were infected and deleted
2 registry values were infected and deleted

#9 Buckeye_Sam

Malware Expert
Posted 22 March 2009 - 09:42 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe File not found
    
    :Files
    C:\WINDOWS\system32\lowsec 
    C:\WINDOWS\system32\lowsec\local.ds 
    C:\WINDOWS\system32\lowsec\user.ds 
    C:\WINDOWS\system32\sdra64.exe
    C:\WINDOWS\f23567.dat
    C:\WINDOWS\System32\dll32.dll
    C:\WINDOWS\t55ft2935f44.dat
    C:\WINDOWS\9g234sdfdfgjf23
    C:\WINDOWS\t55ft2951f44.dat
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 Buckeye_Sam

Posted 22 March 2009 - 09:47 AM

If you still can't access the net after running that fix, try this and it should get you back online.

Run HijackThis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,


Reboot your computer and check your connection.
========================================================
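The two kinds of HijackThis entries flagged in the post above (a `ProxyServer` value that points at the local machine, and a `UserInit` value that launches something besides `userinit.exe`) can be checked mechanically. The following is an added example, not part of the original thread and not code from HijackThis or OTListIt2; the function names are hypothetical, the default `userinit.exe` path is an assumption taken from the log lines in this thread, and the last two sample lines are constructed.

```python
import ntpath
import re

# Sample input: the first three lines are quoted from the post above,
# the last two are constructed benign lines for contrast.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.internal:8080",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
]

# Assumption: the expected Userinit binary on this XP install.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
F_LINE = re.compile(r"^F[23] - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)


def parse_proxy_server(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles both 'host:port' and the per-protocol form
    'http=host:port;https=host:port'.
    """
    entries = []
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                       # plain 'host:port' applies to all protocols
            scheme, target = "all", part
        target = re.sub(r"^[a-z]+://", "", target, flags=re.I)
        host, colon, port = target.rpartition(":")
        if not colon:                     # no port given
            host, port = target, ""
        entries.append((scheme.lower(), host.strip("[]").lower(), port))
    return entries


def is_loopback(host):
    """True when the proxy host is the local machine."""
    return host in ("localhost", "::1") or host.startswith("127.")


def extra_userinit_entries(value, expected=DEFAULT_USERINIT):
    """Return every comma-separated Userinit entry that is not the expected binary."""
    want = ntpath.normcase(expected)
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if ntpath.normcase(e) != want]


def triage(lines):
    """Return (kind, line, detail) tuples for lines that deserve a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = R_LINE.match(line)
        if m and m.group("name").strip().lower() == "proxyserver":
            local = [f"{s}={h}:{p}" for s, h, p in parse_proxy_server(m.group("value"))
                     if is_loopback(h)]
            if local:
                findings.append(("proxy-loopback", line, local))
            continue
        m = F_LINE.match(line)
        if m:
            extras = extra_userinit_entries(m.group("value"))
            if extras:
                findings.append(("userinit-extra", line, extras))
    return findings


if __name__ == "__main__":
    for kind, line, detail in triage(SAMPLE_LINES):
        print(f"[{kind}] {detail}\n    {line}")
```

A loopback proxy is not malicious by itself, since local filtering software also uses one; a finding here only means the listener and the extra logon program should be identified before the entry is kept.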

#11 dex_og

Posted 22 March 2009 - 01:38 PM

1) Below is the new OTL2 log. (system rebooted).
2) Attempted to do fixes as suggested with Hijackthis.....found the "R"s but no "F"s.....did a rescan and still no "F"s????
3) Upon reboot after (2) above, got some read/write error at location 0000-XXXX?
4) IE8 is now functioning again.
5) IE8 is now back under my control!!!! Search engines no longer being sent wherever........
6) Firefox is not working. Should I re-install?
7) Should I re-run virus checker (NORTON) or Malware?
8) If yes to (7) should I also do this in safe mode?


========== OTLISTIT ==========
Process explorer.exe killed successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ ProxyEnable| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ ProxyOverride| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ ProxyEnable| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ ProxyOverride| /E : value set successfully!
========== FILES ==========
C:\WINDOWS\system32\lowsec moved successfully.
File/Folder C:\WINDOWS\system32\lowsec\local.ds not found.
File/Folder C:\WINDOWS\system32\lowsec\user.ds not found.
File/Folder C:\WINDOWS\system32\sdra64.exe not found.
C:\WINDOWS\f23567.dat moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dll32.dll
C:\WINDOWS\System32\dll32.dll NOT unregistered.
C:\WINDOWS\System32\dll32.dll moved successfully.
C:\WINDOWS\t55ft2935f44.dat moved successfully.
C:\WINDOWS\9g234sdfdfgjf23 moved successfully.
C:\WINDOWS\t55ft2951f44.dat moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_664.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000000502274443F19D63F52 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.0 log created on 03222009_131213

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_664.dat not found!
File C:\WINDOWS\temp\TMP000000502274443F19D63F52 not found!

Registry entries deleted on Reboot...

#12 Buckeye_Sam

Posted 22 March 2009 - 07:32 PM

Let's see where we're at now. Run a new quick scan with Malwarebytes and post that log.
Also post a new log from OTListIt2.

Tell me more about your Firefox issue.
========================================================

#13 dex_og

Posted 23 March 2009 - 08:18 PM

1) Firefox is giving the same error that IE8 was giving....
"...Proxy Server Refused Connection....Firefox is configured to use a proxy server that is refusing connections....."

2) Malware found 6 "bad" things....
Memory Modules Infected:
C:\WINDOWS\system32\mst123.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{54ab753e-111e-49e7-832d-bdc53fa9c4ab} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

Files Infected:
C:\Program Files\Common\helper.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\mst123.dll (Trojan.Agent) -> No action taken.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> No action taken.

3) OTListIt2 - Attached.


OTListIt logfile created on: 3/23/2009 9:11:45 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 355.89 Mb Available Physical Memory | 37.13% Memory free
2.26 Gb Paging File | 1.72 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.53 Gb Total Space | 101.90 Gb Free Space | 72.00% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 1.66 Gb Free Space | 22.17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEX2
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/06/07 18:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/06/07 18:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2001/09/24 08:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2009/03/18 20:55:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/10/22 23:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2005/01/23 22:56:00 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/05/10 13:50:42 | 00,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
PRC - [2005/10/14 22:58:02 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2001/09/24 08:59:00 | 00,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/10/11 13:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
PRC - [2009/03/18 20:55:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/07/13 08:48:35 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/03 10:35:12 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001/09/24 08:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2001/09/24 08:59:00 | 00,352,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\SSC\NSCTOP.EXE
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
PRC - [2000/09/18 18:12:40 | 00,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\MsgSys.EXE
PRC - [2000/09/18 18:12:40 | 00,011,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\xfr.exe
PRC - [2004/11/02 19:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/09/07 09:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2005/06/08 00:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [1998/05/07 05:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/21 12:08:53 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 04:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/06/07 18:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2001/09/24 08:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ams_ii\hndlrsvc.exe -- (Intel Alert Handler [Auto | Running])
SRV - [2000/09/18 18:12:40 | 00,011,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\xfr.exe -- (Intel File Transfer [Auto | Running])
SRV - [2000/09/18 18:12:40 | 00,018,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS [Auto | Running])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/18 20:55:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/10/22 23:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service [Auto | Running])
SRV - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2001/09/24 08:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2001/09/24 08:59:00 | 00,352,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\SSC\NSCTOP.EXE -- (NSCTOP [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 15:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
SRV - [2004/11/02 19:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2005/04/20 07:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 10:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/06/07 18:44:36 | 01,235,968 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2003/11/05 11:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running])
DRV - [2005/04/14 17:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/01/08 17:18:18 | 00,013,992 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2005/03/09 14:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2002/10/15 15:03:34 | 00,043,024 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\lgatbus.sys -- (lgatbus [On_Demand | Stopped])
DRV - [2002/10/15 15:05:38 | 00,077,104 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\lgatmdm.sys -- (lgatmdm [On_Demand | Stopped])
DRV - [2002/10/15 15:07:30 | 00,060,816 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\lgatserd.sys -- (lgatserd [On_Demand | Stopped])
DRV - [2006/03/27 21:42:33 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/08/17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/05/03 13:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\DRIVERS\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
DRV - [2001/09/24 08:59:00 | 00,176,208 | ---- | M] () -- C:\Program Files\NavNT\NAVAP.sys -- (NAVAP [On_Demand | Running])
DRV - [2001/09/24 08:59:00 | 00,009,232 | ---- | M] () -- C:\Program Files\NavNT\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/03/18 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.006\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/18 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090318.006\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/11/15 16:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2005/07/04 01:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/04 01:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 05:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/03/04 07:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 18:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/01/25 02:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2001/09/24 04:29:00 | 00,057,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2003/12/22 13:28:18 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/18 20:55:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/22 20:31:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/22 20:31:30 | 00,000,000 | ---D | M]

[2008/08/27 23:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions
[2008/08/27 23:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/21 01:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\2ie6drz5.default\extensions
[2009/03/21 01:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\2ie6drz5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2007/08/03 23:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\2ie6drz5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2008/05/26 00:55:49 | 00,001,340 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\bbcnews.xml
[2009/03/15 21:05:49 | 00,001,412 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\bittorrent.xml
[2009/03/15 21:05:49 | 00,001,157 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\freedict.xml
[2008/06/22 22:45:51 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\jeeves.xml
[2009/03/15 21:05:49 | 00,002,143 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\marketwatch.xml
[2008/07/05 00:18:09 | 00,001,963 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\odeo.xml
[2009/03/15 21:05:49 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\weather.xml
[2008/06/22 22:45:59 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\FireFox\Profiles\2ie6drz5.default\searchplugins\wikipedia.xml
[2009/03/21 01:18:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/22 20:31:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/07 22:50:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/30 20:24:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/30 23:18:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/29 10:28:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/15 22:18:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/18 20:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/02/19 21:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 21:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (784 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/download...ne_Inst_Win.cab (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://online.parker.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://dinocam.sdsmt.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/famil.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.disneyphotopass.com/software/ImageUploader4.cab (Image Uploader Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/14 23:12:54 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b61e463e-6b2a-11dd-a1a0-0015f2088c88}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/23 09:34:00 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/23 09:33:33 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/23 09:33:28 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/23 09:33:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/23 09:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/23 09:28:25 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/23 00:01:29 | 00,039,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\usps hold mail for FL trip.MDI
[2009/03/22 13:12:13 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/22 10:03:48 | 00,014,872 | ---- | C] () -- C:\WINDOWS\System32\mst123.dll
[2009/03/21 12:32:55 | 00,277,944 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\gmer.zip
[2009/03/21 12:08:48 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/03/21 11:02:18 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2009/03/21 11:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/21 10:33:22 | 00,039,746 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\will hold mail.MDI
[2009/03/21 01:38:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/21 01:38:00 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2009/03/21 01:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/03/20 21:56:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/20 21:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/03/20 21:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
[2009/03/20 21:55:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/20 21:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/03/20 21:53:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/20 21:53:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/03/20 21:51:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/20 10:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/03/19 22:00:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/19 21:59:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/09 10:03:50 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\House Info.doc
[2009/03/08 18:36:31 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\picture_day_schedule_Tues-Wed[1].doc
[2009/03/08 14:22:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 04:33:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/06 14:37:38 | 01,277,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\CouponPrinter.exe
[2009/03/06 14:24:38 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Home away rental chart3_6.xls

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/23 19:23:07 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/23 19:22:25 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/03/23 19:20:26 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/23 19:20:21 | 00,000,777 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/23 19:20:21 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/23 19:20:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/23 19:20:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/23 19:20:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/23 19:19:58 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/23 09:34:00 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/23 00:01:30 | 00,039,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\usps hold mail for FL trip.MDI
[2009/03/22 10:03:48 | 00,014,872 | ---- | M] () -- C:\WINDOWS\System32\mst123.dll
[2009/03/21 12:32:56 | 00,277,944 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\gmer.zip
[2009/03/21 12:08:53 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/03/21 11:02:18 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2009/03/21 10:33:23 | 00,039,746 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\will hold mail.MDI
[2009/03/21 01:38:00 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SpywareBlaster.lnk
[2009/03/20 22:01:27 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\desktop.ini
[2009/03/20 21:55:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/19 22:00:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/19 21:59:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/18 10:31:26 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hi889k6y7y.doc
[2009/03/13 14:51:58 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Home away rental chart3_6.xls
[2009/03/11 20:19:29 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 11:22:33 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\House Info.doc
[2009/03/09 15:13:51 | 00,445,694 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 15:13:51 | 00,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 15:13:51 | 00,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 10:30:04 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\rental contract.doc
[2009/03/08 18:36:31 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\picture_day_schedule_Tues-Wed[1].doc
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/03/08 04:35:10 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/03/08 04:34:48 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/03/08 04:33:48 | 00,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/03/08 04:32:52 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/03/08 04:24:28 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 04:22:46 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/03/08 04:15:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/03/06 14:37:38 | 01,277,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CouponPrinter.exe
[2009/02/28 00:55:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Edited by Buckeye_Sam, 24 March 2009 - 01:12 PM.


#14 Buckeye_Sam

    Malware Expert



Posted 24 March 2009 - 01:21 PM

Let's check your settings in Firefox.
Open Firefox and click Tools -> Options
Select Advanced
Select the Network tab
Click on the Settings button
Select "No proxy" and click Ok twice.

Now close Firefox and then reopen it and check your connection.



Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    
    :Files
    C:\WINDOWS\System32\mst123.dll
    C:\Program Files\Common\helper.dll 
    C:\Program Files\Common\helper.sig
    
    :Reg
    [-HKEY_CLASSES_ROOT\CLSID\{54ab753e-111e-49e7-832d-bdc53fa9c4ab}]
    [-HKEY_CURRENT_USER\SOFTWARE\AvScan]
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log



========================================================
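An added example, not part of the thread and not OTListIt2's own code: a small triage parser for three line types that appear in the log and fix script above (file entries, Alternate Data Stream entries, and `IE -` proxy settings). The sample lines are copied from this thread; the flagging rules (`EXECUTABLE`, the reason names) are assumptions chosen for illustration, and a hit is a prompt for review rather than a verdict.

```python
import re

# Lines copied from the OTListIt2 log and the fix script in this thread.
SAMPLE = r'''
[2009/03/08 04:15:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/03/06 14:37:38 | 01,277,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CouponPrinter.exe
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
'''

# [timestamp | size | attributes | M] (company) -- path
FILE_RE = re.compile(r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| [MC]\] '
                     r'\((?P<company>[^)]*)\) -- (?P<path>.+)$')
# The stream name follows the last colon, so the drive-letter colon stays in the path.
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')
IE_RE = re.compile(r'^IE - (?P<hive>HKCU|HKLM)\\(?P<key>[^:]+): "(?P<name>[^"]+)" = (?P<value>.*)$')
EXECUTABLE = ('.exe', '.dll', '.sys', '.ocx', '.scr')  # assumption: extensions worth a second look


def triage(log_text):
    """Return (reason, detail) pairs for log lines that deserve manual review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := FILE_RE.match(line)):
            # "()" means the file carries no vendor string in its version resource.
            # That is a hint only: it is not a signature check.
            if not m['company'].strip() and m['path'].lower().endswith(EXECUTABLE):
                findings.append(('no-vendor-executable', m['path']))
        elif (m := ADS_RE.match(line)):
            detail = m['path'] + ':' + m['stream'] + ' (' + m['size'] + ' bytes)'
            findings.append(('alternate-data-stream', detail))
        elif (m := IE_RE.match(line)):
            # A proxy the user did not set can route browsing through another host.
            if m['name'] == 'ProxyEnable' and m['value'].strip() == '1':
                findings.append(('proxy-enabled', m['hive'] + '\\' + m['key']))
    return findings


if __name__ == '__main__':
    for reason, detail in triage(SAMPLE):
        print(reason, '->', detail)
```
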

#15 dex_og

  • Topic Starter


Posted 31 March 2009 - 07:33 PM

sorry for the delayed response.....went on a trip for a bit.....

1) Now that I am back, started computer and Norton "quarantined" two files marked as trojans:
"dll32.dll" and "helper.dll"

Should I have Norton erase these?

2) I have not run the file as suggested prior to this post b/c of what Norton found. Should I do this first?



