Rootrepeal hanging, Firefox will not start



#1 alexsa

alexsa

  • Members
  • 7 posts

Posted 28 October 2009 - 04:49 PM

I have a Windows XP computer that appears to have some sort of infection. After running Malwarebytes' Anti-Malware, SUPERAntiSpyware and ComboFix, here is what I am left with, where I could use some guidance.

1. Firefox will not run and always fails with a 'memory could not be written' error. I reinstalled and updated Java.

2. Initially, Firefox and IE both would not run. IE would be able to see the home page, NY Times, but none of the links would work. When I would try to get to Google from IE, the popup box would say Firefox unable to resolve. After running ComboFix, IE would work OK, meaning I could get to Google etc., but at some point the error would come back.

3. When IE and Firefox aren't working, I can get out via the Windows update link and access the internet without any problems.

4. Rootrepeal starts and immediately goes to 50% CPU usage and 2 gig of memory in use and remains in initialization.

5. Sophos Anti-rootkit didn't find anything.

I uninstalled Zonealarm and AVAST and installed Norton Internet Security 2009.

I was instructed to run DDS and post the results

Thanks for your help
Al


DDS (Ver_09-10-26.01) - NTFSx86
Run by Patricia Matteson at 17:21:41.81 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2271 [GMT -4:00]

AV: AVG *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ask Jeeves Search - c:\windows\system32\askbarAB.dll/cmd-search-selection
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Dictionary Search - c:\windows\system32\askbarAB.dll/cmd-search-selection-word
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-10-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-10-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-10-27 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091021.001\IDSXpx86.sys [2009-10-27 329080]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-10-27 18816]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-30 609792]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-30 609792]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-10-27 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-27 102448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-12 105984]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2007-3-5 7424]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2008-7-25 20160]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [2007-6-7 141376]
S3 sprint;sprint;\??\c:\windows\system32\drivers\sprint.sys --> c:\windows\system32\drivers\sprint.sys [?]
S4 avg8emc;AVG8 E-mail Scanner; [x]
S4 avg8wd;AVG8 WatchDog; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-27 17:21:37 77312 ----a-w- c:\windows\MBR.exe
2009-10-27 17:21:13 0 dc----w- C:\ComboFix
2009-10-27 17:17:59 3436782 -c--a-r- c:\temp\ComboFix.exe
2009-10-27 16:39:55 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-10-27 16:39:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-27 16:39:52 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-27 16:39:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-27 16:39:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-27 16:38:23 0 d-----w- c:\windows\system32\drivers\NIS
2009-10-27 16:38:08 0 d-----w- c:\program files\Norton Internet Security
2009-10-27 16:38:08 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Symantec
2009-10-27 16:38:01 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Norton
2009-10-27 16:34:08 0 d-----w- c:\program files\NortonInstaller
2009-10-27 16:34:08 0 d-----w- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-10-27 16:20:58 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-10-27 16:08:11 472064 -c--a-w- c:\temp\RootRepeal.exe
2009-10-27 15:39:55 0 d-----w- c:\program files\Sophos
2009-10-27 15:38:46 1339288 -c--a-w- c:\temp\sar_15_sfx.exe
2009-10-27 15:11:46 291328 -c--a-w- c:\temp\fv49dnj4.exe
2009-10-27 14:48:51 0 dc----w- C:\MGTools
2009-10-27 14:03:13 0 dc----w- C:\New Folder
2009-10-24 20:13:35 0 dcsha-r- C:\cmdcons
2009-10-24 20:11:41 98816 ----a-w- c:\windows\sed.exe
2009-10-24 20:11:41 236544 ----a-w- c:\windows\PEV.exe
2009-10-24 20:11:41 161792 ----a-w- c:\windows\SWREG.exe
2009-10-24 20:02:19 0 -c--a-w- C:\settings.dat
2009-10-24 20:01:08 0 ----a-w- c:\documents and settings\patricia matteson.pat-0097ce7f489\settings.dat
2009-10-24 19:07:29 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-10-24 19:07:19 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-24 19:07:19 0 d-----w- c:\docume~1\patric~1.pat\applic~1\SUPERAntiSpyware.com
2009-10-24 19:05:49 0 d-----w- c:\docume~1\patric~1.pat\applic~1\Malwarebytes
2009-10-24 19:01:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 19:01:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 19:01:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 19:01:30 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-10-21 00:36:24 0 d-----w- c:\windows\Performance
2009-10-15 20:03:04 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-14 18:55:38 0 d-----w- c:\docume~1\patric~1.pat\applic~1\TMP

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 14:29:52 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-08-28 14:29:44 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-08-26 19:42:00 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-08-26 19:42:00 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-13 15:14:18 472064 -c--a-w- C:\RootRepeal.exe
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 19:23:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 18:49:30 3357184 ----a-w- c:\program files\VersionTracker_Pro_Windows_4_1.msi
2009-04-24 18:48:32 3001016 ----a-w- c:\program files\AiRoboForm.exe
2009-03-11 16:18:27 2332328 ----a-w- c:\program files\speedupmypc.exe
2009-03-09 20:55:57 2552176 ----a-w- c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2009-03-09 20:54:42 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-01-22 19:30:28 78195 ----a-w- c:\program files\com_jce_111.zip
2009-01-22 19:29:18 140750 ----a-w- c:\program files\com_jce_150.zip
2008-09-20 10:52:23 382352 ----a-w- c:\program files\xpiinstall.exe
2008-09-20 10:30:34 284005 ----a-w- c:\program files\GoogleDesktopSetup.exe
2008-09-13 16:02:21 27782600 ----a-w- c:\program files\AVASTsetupeng.exe
2007-08-24 18:10:20 23402288 -c--a-w- c:\program files\AdbeRdr810_en_US.exe
2007-07-19 21:09:28 20256064 -c--a-w- c:\program files\QuickTimeInstaller.exe
2007-07-09 15:46:26 13731344 -c--a-w- c:\program files\RealPlayer10-5GOLD_rs.exe
2007-06-16 18:21:57 1409348 ----a-w- c:\program files\HDHeartBeatsetup.zip
2006-12-13 19:50:58 3495070 -c--a-w- c:\program files\buscard.exe
2006-10-25 16:37:18 4912968 ----a-w- c:\program files\picasaweb-current-setup.exe
2005-04-26 19:28:39 563416 -c--a-w- c:\program files\flashplayer7_winax.exe
2004-03-28 18:33:48 463632 -c--a-w- c:\program files\nz-cw2.exe
2004-02-03 14:33:37 1461434 -c--a-w- c:\program files\01_small.mov
2004-01-30 15:30:10 71351 -c--a-w- c:\program files\f1099h.pdf
2004-01-30 15:27:05 81581 -c--a-w- c:\program files\f1065sk1.pdf
1998-11-23 14:25:14 4401440 ----a-w- c:\program files\wces22.exe
1998-11-23 14:12:10 287128 ----a-w- c:\program files\readme.rtf

============= FINISH: 17:22:38.12 ===============
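
To make logs like the one above quicker to triage, here is an added example (my own code, not part of the original post and not from the DDS or OTL authors) that parses the SERVICES / DRIVERS lines of a DDS log and the SRV/DRV lines of an OTL log and flags the entries a helper usually looks at first: services and drivers whose image file is gone (`[?]` or `[x]` in DDS, `File not found` in OTL), images that are .tmp files or sit in a temp directory, images outside the usual install directories, and OTL entries for which no company name was recorded. It also lists the AV products DDS found registered, which is how the AVG leftover next to Norton shows up. The sample lines are excerpted from the logs in this thread; the list of "expected" directories is my own heuristic and not anything DDS or OTL define.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Line shapes as they appear in the DDS and OTL logs posted in this thread.
DDS_LINE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
DDS_TAIL = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
OTL_LINE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<rest>.*)$")
AV_LINE = re.compile(r"^AV: (?P<product>.+?) \*")

# Heuristic (my assumption, not a DDS/OTL rule): where an installed image is expected to live.
EXPECTED_DIRS = (
    "\\windows\\system32\\",
    "\\program files\\",
    "\\documents and settings\\all users",
)


@dataclass
class Finding:
    source: str              # "DDS" or "OTL"
    name: str                # service / driver name
    path: str                # resolved image path, "" if the log recorded none
    reasons: List[str] = field(default_factory=list)


def _normalise(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) that DDS prints for some drivers."""
    path = path.strip()
    return path[4:] if path.startswith("\\??\\") else path


def path_reasons(path: str) -> List[str]:
    """Flags based on where the image lives; an empty path is judged elsewhere."""
    reasons: List[str] = []
    p = path.lower()
    if not p:
        return reasons
    if p.endswith(".tmp") or "\\temp\\" in p or "\\tmp\\" in p:
        reasons.append("image is a .tmp file or lives in a temp directory")
    if not any(d in p for d in EXPECTED_DIRS):
        reasons.append("image outside the usual install directories")
    return reasons


def parse_dds(line: str) -> Optional[Finding]:
    """Parse one DDS SERVICES / DRIVERS line; None if the line is not one."""
    m = DDS_LINE.match(line)
    if not m:
        return None
    tail = DDS_TAIL.match(m.group("rest").strip())
    path, meta = (tail.group("path"), tail.group("meta")) if tail else (m.group("rest"), "")
    if "-->" in path:  # DDS prints "<registry path> --> <resolved path>" when the file is missing
        path = path.split("-->", 1)[1]
    finding = Finding("DDS", m.group("name").strip(), _normalise(path))
    if meta.strip() in ("?", "x"):  # [?] file missing, [x] no image path at all
        finding.reasons.append("image file not found on disk")
    finding.reasons.extend(path_reasons(finding.path))
    return finding


def parse_otl(line: str) -> Optional[Finding]:
    """Parse one OTL SRV/DRV line; None if the line is not one."""
    m = OTL_LINE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    finding = Finding("OTL", m.group("name"), "")
    if rest == "File not found":
        finding.reasons.append("image file not found on disk")
        return finding
    path, vendor = rest, None
    if rest.endswith(")") and " (" in rest:  # trailing "(Company Name)" from the file's version info
        path, vendor = rest.rsplit(" (", 1)
        vendor = vendor[:-1]
    finding.path = _normalise(path)
    if vendor == "":
        finding.reasons.append("no company name recorded for the image")
    finding.reasons.extend(path_reasons(finding.path))
    return finding


def audit(lines: Iterable[str]) -> List[Finding]:
    """Return only the entries that have at least one reason to look closer."""
    return [f for f in (parse_dds(ln) or parse_otl(ln) for ln in lines) if f and f.reasons]


def av_products(lines: Iterable[str]) -> List[str]:
    """AV products DDS saw registered with the Security Center; more than one is worth a question."""
    return [m.group("product") for m in map(AV_LINE.match, lines) if m]


# Sample input, constructed by excerpting lines from the DDS and OTL logs in this thread.
SAMPLE_LOG = [
    r"AV: AVG *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}",
    r"AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}",
    r"R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]",
    r"S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]",
    r"S4 avg8emc;AVG8 E-mail Scanner; [x]",
    r"SRV - (avg8wd) -- File not found",
    r"SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()",
    r"DRV - (SAVRKBootTasks) -- C:\WINDOWS\SYSTEM32\SAVRKBootTasks.sys (Sophos Plc)",
]

if __name__ == "__main__":
    print("AV products registered:", ", ".join(av_products(SAMPLE_LOG)))
    for f in audit(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.path or '<no path>'} -> {'; '.join(f.reasons)}")
```

Run against the excerpt it flags the two AVG drivers and two AVG services whose files are gone, MEMSWEEP2 for pointing at a .tmp that no longer exists, and the iolo service for having no company name; SASDIFSV and SAVRKBootTasks pass. A flag is a prompt to check, not a verdict: a MEMSWEEP2 entry pointing at a deleted .tmp in system32 is consistent with the Sophos Anti-Rootkit scan the poster mentions, and the AVG entries are exactly the leftovers a helper would ask to have uninstalled.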


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 03 November 2009 - 06:36 AM

Hello alexsa

Welcome to BleepingComputer :(
==========================
Combofix should not be used unless instructed to do so.

Are you still having issues?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 alexsa

alexsa
  • Topic Starter

  • Members
  • 7 posts

Posted 03 November 2009 - 01:43 PM

Hi Kahdah
Yes I am still having issues.

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 03 November 2009 - 09:00 PM

I see that you have AVG installed still.
It may just be a leftover in the system but do check to see if it is installed.
If it is uninstall it.
You only need one antivirus.

After that please do the following:
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#5 alexsa

alexsa
  • Topic Starter

  • Members
  • 7 posts

Posted 04 November 2009 - 05:36 PM

OTL logfile created on: 11/4/2009 5:24:06 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 191.67 Gb Free Space | 82.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 62.82 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
Drive F: | 7.44 Gb Total Space | 4.40 Gb Free Space | 59.16% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Patricia Matteson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe (Samsung Electronics.)
PRC - C:\WINDOWS\SYSTEM32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll (Microsoft Corporation)
MOD - C:\Program Files\iolo\Common\Lib\sguard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- File not found
SRV - (avg8emc) -- File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (IOLO_SRV) -- C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe ()
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (PLFlash DeviceIoControl Service) -- C:\WINDOWS\SYSTEM32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (UMWdf) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091104.009\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091104.009\NAVENG.SYS (Symantec Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\SYSTEM32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (HDAudBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (OEM02Dev) -- C:\WINDOWS\SYSTEM32\DRIVERS\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS (Broadcom Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\yk51x86.sys (Marvell)
DRV - (ialm) -- C:\WINDOWS\SYSTEM32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (iastor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (OEM02Afx) -- C:\WINDOWS\SYSTEM32\DRIVERS\OEM02Afx.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\WINDOWS\SYSTEM32\DRIVERS\sthda.sys (SigmaTel, Inc.)
DRV - (IntcHdmiAddService) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntcHdmi.sys (Intel® Corporation)
DRV - (OEM02Vfx) -- C:\WINDOWS\SYSTEM32\DRIVERS\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\WINDOWS\SYSTEM32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\SYSTEM32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\SYSTEM32\DRIVERS\rixdptsk.sys (REDC)
DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (DgiVecp) -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (cercsr6) -- C:\WINDOWS\SYSTEM32\DRIVERS\cercsr6.sys (Adaptec, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ADM8511) -- C:\WINDOWS\SYSTEM32\DRIVERS\ADM8511.SYS (ADMtek Incorporated)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.95
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {41697025-CA0B-4687-99DE-ABC82C5A630B}:6.0.32
FF - prefs.js..extensions.enabledItems: {9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}:6.0.30
FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 17:47:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/09/27 07:42:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/30 12:09:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/27 07:42:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/10/29 10:06:58 | 00,000,000 | ---D | M]

[2009/04/04 09:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Extensions
[2009/04/04 09:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/27 09:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions
[2009/09/02 19:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/23 08:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}
[2008/09/08 12:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{6aec4bf7-c16a-4e5c-a65a-114a57157969}
[2008/07/26 06:18:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
[2009/09/28 20:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2008/09/08 12:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/09/08 12:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/09/08 12:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/26 15:45:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/09/08 12:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009/09/14 06:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\extensions\sortplaces@andyhalford.com
[2008/06/26 06:53:30 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Mozilla\Firefox\Profiles\4if9x6no.default\searchplugins\webster.xml
[2009/10/27 12:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/23 09:15:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(3)
[2007/10/31 22:59:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/05/30 12:09:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/26 09:26:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/08/20 16:45:02 | 01,431,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/06/30 22:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/27 07:42:30 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/07/23 08:54:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/07/23 08:54:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/07/23 08:54:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/07/23 08:54:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/07/23 08:54:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/07/23 08:54:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/07/23 08:54:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/27 07:42:36 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/09/27 07:42:28 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/03 10:53:00 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/10/27 12:03:48 | 00,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung Common SM] C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ask Jeeves Search - C:\WINDOWS\System32\askbarAB.dll File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Dictionary Search - C:\WINDOWS\System32\askbarAB.dll File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/04 17:21:48 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\OTL.exe
[2009/11/04 17:18:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/27 12:45:13 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.sys
[2009/10/27 12:45:13 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symtdi.sys
[2009/10/27 12:45:13 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symfw.sys
[2009/10/27 12:45:13 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndisv.sys
[2009/10/27 12:45:13 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndis.sys
[2009/10/27 12:45:13 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symids.sys
[2009/10/27 12:45:12 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.sys
[2009/10/27 12:45:12 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
[2009/10/27 12:45:12 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.sys
[2009/10/27 12:44:34 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/10/27 12:44:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009/10/27 12:21:13 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/27 11:40:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\My Documents\Symantec
[2009/10/27 11:39:55 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/10/27 11:39:52 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/27 11:39:52 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/27 11:38:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/10/27 11:38:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/27 11:38:08 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/10/27 11:38:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
[2009/10/27 11:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2009/10/27 11:34:08 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/27 11:34:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
[2009/10/27 11:20:58 | 00,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2009/10/27 10:39:55 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/10/27 09:48:51 | 00,000,000 | ---D | C] -- C:\MGTools
[2009/10/27 09:03:13 | 00,000,000 | ---D | C] -- C:\New Folder
[2009/10/26 09:26:42 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/26 09:26:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/26 09:26:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/24 15:13:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/24 15:11:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/24 15:11:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/24 15:11:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/24 15:11:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/24 15:10:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/24 15:09:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/24 14:07:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2009/10/24 14:07:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/24 14:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\SUPERAntiSpyware.com
[2009/10/24 14:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Malwarebytes
[2009/10/24 14:01:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/24 14:01:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 14:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/24 14:01:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/10/20 19:36:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2009/10/20 19:36:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Local Settings\Application Data\Microsoft Corporation
[2009/10/15 15:03:04 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/10/14 13:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\TMP
[2009/03/11 11:17:52 | 02,332,328 | ---- | C] (Uniblue Systems Ltd. ) -- C:\Program Files\speedupmypc.exe
[2009/03/09 15:55:31 | 02,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2009/03/09 15:51:44 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2008/09/20 05:51:55 | 00,382,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\xpiinstall.exe
[2007/08/24 11:44:54 | 23,402,288 | ---- | C] ( ) -- C:\Program Files\AdbeRdr810_en_US.exe
[2007/08/11 05:48:38 | 03,001,016 | ---- | C] (Siber Systems) -- C:\Program Files\AiRoboForm.exe
[2007/07/19 14:29:21 | 20,256,064 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2007/07/09 09:39:36 | 13,731,344 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD_rs.exe
[2006/12/13 14:50:58 | 03,495,070 | ---- | C] (AMF Software ) -- C:\Program Files\buscard.exe
[2006/10/25 11:02:20 | 04,912,968 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2005/04/26 14:28:39 | 00,563,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\flashplayer7_winax.exe
[1998/11/23 09:25:14 | 04,401,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wces22.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/04 17:21:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\OTL.exe
[2009/11/04 17:19:36 | 00,511,974 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 17:19:36 | 00,435,388 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 17:19:36 | 00,068,222 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 17:18:50 | 00,626,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/11/04 17:15:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 17:15:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 17:10:51 | 10,223,616 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\NTUSER.DAT
[2009/11/04 17:10:51 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\NTUSER.INI
[2009/11/04 17:10:44 | 03,846,482 | -H-- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Local Settings\Application Data\IconCache.db
[2009/11/04 16:58:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 10:07:00 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2009/10/29 09:22:28 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\To Do for Kitty.doc
[2009/10/29 09:15:21 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\Anne F To Do 10_29_09.doc
[2009/10/29 09:05:16 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\PM to do for Mc Newsletter 2010.doc
[2009/10/28 16:21:21 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\dds.scr
[2009/10/28 09:20:22 | 00,001,973 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Norton Internet Security.lnk
[2009/10/27 12:45:15 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/27 12:45:15 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/27 12:45:15 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/27 12:45:15 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/27 12:44:34 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/10/27 12:44:30 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/10/27 12:44:30 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/10/27 12:44:30 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/10/27 12:29:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/27 11:35:06 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/27 08:48:59 | 00,000,556 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/27 08:48:59 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/26 14:11:05 | 00,136,704 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\ToDoOct_02_09.doc
[2009/10/25 05:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 15:28:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/10/24 15:02:19 | 00,000,000 | ---- | M] () -- C:\settings.dat
[2009/10/24 15:01:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\settings.dat
[2009/10/24 14:07:23 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Professional.lnk
[2009/10/24 14:01:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 06:48:41 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\List of things to FINISH_9_10_09.doc
[2009/10/20 16:16:03 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\last two ftn Lacemaking chapter.doc
[2009/10/20 16:12:05 | 00,083,456 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\17-1-12.Matteson READY.doc
[2009/10/20 07:40:05 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\Oct20_2009-Matteson MW Oneida revised.doc
[2009/10/17 06:06:57 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\As Geoffrey Chaucer lamented.doc
[2009/10/15 16:39:27 | 00,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 07:45:52 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\AKS Birthday Article 200 wds.doc
[2009/10/08 13:38:43 | 00,059,904 | ---- | M] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\MCBdContact Info_09.doc
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/29 10:06:59 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2009/10/29 09:20:05 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\To Do for Kitty.doc
[2009/10/29 09:09:54 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\Anne F To Do 10_29_09.doc
[2009/10/29 09:01:37 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\PM to do for Mc Newsletter 2010.doc
[2009/10/28 09:20:36 | 00,626,180 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/10/27 12:45:13 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.cat
[2009/10/27 12:45:13 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.inf
[2009/10/27 12:45:13 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.inf
[2009/10/27 12:45:12 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.cat
[2009/10/27 12:45:12 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.cat
[2009/10/27 12:45:12 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.cat
[2009/10/27 12:45:12 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\bhdrvx86.cat
[2009/10/27 12:45:12 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.cat
[2009/10/27 12:45:12 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.inf
[2009/10/27 12:45:12 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.inf
[2009/10/27 12:45:12 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.inf
[2009/10/27 12:45:12 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.inf
[2009/10/27 12:44:30 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/10/27 12:44:30 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/10/27 12:44:30 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/10/27 12:21:37 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 11:39:52 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/27 11:39:52 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/27 11:39:49 | 00,001,973 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Norton Internet Security.lnk
[2009/10/27 11:12:14 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\dds.scr
[2009/10/24 15:13:37 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/24 15:11:41 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/24 15:11:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/24 15:11:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/24 15:11:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/24 15:02:19 | 00,000,000 | ---- | C] () -- C:\settings.dat
[2009/10/24 15:01:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\settings.dat
[2009/10/24 14:07:23 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Professional.lnk
[2009/10/24 14:01:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/20 16:16:02 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\last two ftn Lacemaking chapter.doc
[2009/10/20 16:12:04 | 00,083,456 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\17-1-12.Matteson READY.doc
[2009/10/08 15:09:17 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop\AKS Birthday Article 200 wds.doc
[2009/09/27 15:50:27 | 03,846,482 | -H-- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Local Settings\Application Data\IconCache.db
[2009/05/21 17:45:27 | 00,002,356 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/24 13:48:50 | 03,357,184 | ---- | C] () -- C:\Program Files\VersionTracker_Pro_Windows_4_1.msi
[2009/01/22 14:30:28 | 00,078,195 | ---- | C] () -- C:\Program Files\com_jce_111.zip
[2009/01/22 14:29:17 | 00,140,750 | ---- | C] () -- C:\Program Files\com_jce_150.zip
[2008/12/20 18:16:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2008/09/20 05:29:12 | 00,284,005 | ---- | C] () -- C:\Program Files\GoogleDesktopSetup.exe
[2008/09/11 10:08:24 | 27,782,600 | ---- | C] () -- C:\Program Files\AVASTsetupeng.exe
[2008/08/31 12:20:00 | 00,000,751 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\default.pls
[2008/07/29 14:30:23 | 00,013,055 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Comma Separated Values (Windows).CAL
[2008/07/29 09:58:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/22 22:35:23 | 02,116,008 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/07/22 22:30:32 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/19 03:55:08 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/18 19:18:54 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/07/13 15:12:44 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/07/13 15:12:44 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/07/12 09:59:51 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/07/12 09:59:51 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/07/12 09:59:51 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/07/12 06:29:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
[2007/06/16 13:15:25 | 01,409,348 | ---- | C] () -- C:\Program Files\HDHeartBeatsetup.zip
[2006/11/27 12:14:35 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\$_hpcst$.hpc
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/04 05:00:00 | 00,000,556 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/28 10:15:02 | 00,463,632 | ---- | C] () -- C:\Program Files\nz-cw2.exe
[2004/03/11 08:09:05 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\dm.ini
[2004/02/21 20:50:04 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/21 20:28:50 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Local Settings\Application Data\fusioncache.dat
[2004/02/16 18:35:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\DESKTOP.INI
[2004/02/16 18:34:58 | 00,064,368 | ---- | C] () -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/02/03 09:25:40 | 01,461,434 | ---- | C] () -- C:\Program Files\01_small.mov
[2004/01/30 10:29:56 | 00,071,351 | ---- | C] () -- C:\Program Files\f1099h.pdf
[2004/01/30 10:26:55 | 00,081,581 | ---- | C] () -- C:\Program Files\f1065sk1.pdf
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/11/23 09:12:10 | 00,287,128 | ---- | C] () -- C:\Program Files\readme.rtf

========== LOP Check ==========

[2008/09/14 10:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/10/29 13:27:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2008/07/23 14:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2008/07/29 12:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboForm
[2009/10/24 14:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/04/04 08:33:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Acronis
[2009/03/10 12:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/07/24 10:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\FileMaker
[2009/10/10 07:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Free Download Manager
[2009/10/23 06:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\iolo
[2004/02/28 13:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Leadertech
[2009/04/04 08:32:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\MSNInstaller
[2006/10/31 19:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Opera
[2008/07/22 22:14:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\save
[2009/04/04 08:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\SlipStream
[2006/11/07 13:13:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Thunderbird
[2009/10/14 13:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\TMP
[2008/03/15 11:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Trevoli
[2009/03/11 11:32:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\uniblue
[2009/08/16 14:50:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Application Data\WeatherBug
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 17:15:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0F8F5844
< End of report >
-----------------------------------------------

OTL Extras logfile created on: 11/4/2009 5:24:06 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Patricia Matteson.PAT-0097CE7F489\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 191.67 Gb Free Space | 82.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 62.82 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
Drive F: | 7.44 Gb Total Space | 4.40 Gb Free Space | 59.16% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Patricia Matteson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus®
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"ebasePro" = ebasePro 2.20-07/14/07
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile - PREVIEW
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 alexsa (Topic Starter)

Posted 04 November 2009 - 06:54 PM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-04 18:54:35
Windows 5.1.2600 Service Pack 3
Running: jex8r1mv.exe; Driver: C:\DOCUME~1\PATRIC~1.PAT\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT 89AC2AB8 ZwAlertResumeThread
SSDT 89AC2C00 ZwAlertThread
SSDT 89836530 ZwAllocateVirtualMemory
SSDT 8990B920 ZwAssignProcessToJobObject
SSDT 89B43F48 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9BDC1130]
SSDT 89B2B0B8 ZwCreateMutant
SSDT 89AE2138 ZwCreateSymbolicLinkObject
SSDT 892A0E30 ZwCreateThread
SSDT 897E7A30 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9BDC13B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9BDC1910]
SSDT 8988E360 ZwDuplicateObject
SSDT 8969BF00 ZwFreeVirtualMemory
SSDT 898DCB00 ZwImpersonateAnonymousToken
SSDT 89B756A0 ZwImpersonateThread
SSDT 89985140 ZwLoadDriver
SSDT 89857F70 ZwMapViewOfSection
SSDT 897F5698 ZwOpenEvent
SSDT 8981E468 ZwOpenProcess
SSDT 897F3538 ZwOpenProcessToken
SSDT 8990F8B8 ZwOpenSection
SSDT 8988E4F0 ZwOpenThread
SSDT 89910008 ZwProtectVirtualMemory
SSDT 899258B8 ZwResumeThread
SSDT 89839B50 ZwSetContextThread
SSDT 89852478 ZwSetInformationProcess
SSDT 8990F4D8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9BDC1B60]
SSDT 8990FA48 ZwSuspendProcess
SSDT 89C12568 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9BCDC0B0]
SSDT 897DBF70 ZwTerminateThread
SSDT 89C5F908 ZwUnmapViewOfSection
SSDT 89686F00 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[268] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[268] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[436] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe[524] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[696] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wdfmgr.exe[868] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text ...
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] advapi32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe[1984] advapi32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe[2184] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2368] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2392] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2420] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe[2536] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] ADVAPI32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wuauclt.exe[3668] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\jex8r1mv.exe[3796] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\jex8r1mv.exe[3796] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\jex8r1mv.exe[3796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\jex8r1mv.exe[3796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F130F5A
.text C:\jex8r1mv.exe[3796] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\jex8r1mv.exe[3796] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F100F5A
.text C:\jex8r1mv.exe[3796] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F190F5A
.text C:\jex8r1mv.exe[3796] advapi32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F040F5A
.text C:\jex8r1mv.exe[3796] advapi32.dll!RegSetValueA 77DFC79E 6 Bytes JMP 5F0A0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Logs\TempLog.Lue 4096 bytes

---- EOF - GMER 1.0.15 ----
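
The GMER log above has two record types that matter for triage: SSDT lines, where a kernel service is redirected either to a named driver (SYMEVENT.SYS, SASKUTIL.sys) or to a bare kernel address that GMER could not attribute to any module, and ".text" lines, where the first bytes of a kernel32/advapi32 export inside a given process are overwritten with a JMP or CALL. Several hundred such lines are hard to read by hand, so here is an added triage script (my own example, not part of the original thread and not GMER's code) that parses both record types and groups the inline patches by the address they jump to and by the set of exports patched per process. On this log it makes visible that one hook set (JMP to 5F..0F5A on CreateFile/CreateProcess/LoadLibraryExW/WinExec/RegSetValue) is shared by many processes and a second (CALL 7170003D at FreeLibrary+15) by others, which is the pattern one injected component leaves in every process it enters. The sample input is a few lines copied from the log; the script aggregates only and makes no judgement about whether a hook is malicious, since every hook here could as easily belong to one of the security products installed that week.

```python
"""Triage helper for GMER rootkit-scan logs.
Added example for this thread; it is not GMER's code and makes no verdicts."""
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the GMER log above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 89AC2AB8 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9BDC1130]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9BCDC0B0]
SSDT 89686F00 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[676] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wdfmgr.exe[868] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text ...
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wuauclt.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
"""

# "SSDT <owner> <ZwService> [<hook address>]": owner is a driver path followed by
# its signer in parentheses, or a bare 8-hex-digit address GMER could not attribute.
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)(?:\s+\[(?P<hook>0x[0-9A-Fa-f]+)\])?$")
# ".text <process>[<pid>] <module>!<export>[ + off] <addr> <n> Bytes <JMP|CALL> <target>"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<export>\w+(?: \+ \w+)?)\s+"
    r"(?P<at>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes (?P<kind>JMP|CALL) (?P<target>[0-9A-Fa-f]{8})$")
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """Return (ssdt_hooks, inline_patches, elided_runs) parsed from GMER log text."""
    ssdt, inline, elided = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = SSDT_RE.match(line)
        if m:
            owner = m.group("owner")
            if BARE_ADDR_RE.match(owner):
                # only a kernel address was printed: no module could be attributed
                ssdt.append({"func": m.group("func"), "owner": None, "address": owner})
            else:
                path = owner.split(" (", 1)[0]
                ssdt.append({"func": m.group("func"),
                             "owner": path.rsplit("\\", 1)[-1],
                             "address": m.group("hook")})
            continue
        m = INLINE_RE.match(line)
        if m:
            inline.append({"process": m.group("proc").rsplit("\\", 1)[-1],
                           "pid": int(m.group("pid")),
                           "export": m.group("module").lower() + "!" + m.group("export"),
                           "kind": m.group("kind"),
                           "target": m.group("target").upper()})
        elif line == ".text ...":
            elided += 1  # GMER collapses runs of identical entries into this marker
    return ssdt, inline, elided


def ssdt_by_owner(ssdt):
    """Map each hooking driver (or '(unresolved)') to the services it hooks."""
    out = defaultdict(list)
    for h in ssdt:
        out[h["owner"] or "(unresolved)"].append(h["func"])
    return dict(out)


def processes_by_target(inline):
    """Which processes carry a patch landing on the same target address."""
    out = defaultdict(set)
    for p in inline:
        out[p["target"]].add((p["process"], p["pid"]))
    return {t: sorted(v) for t, v in out.items()}


def shared_hook_sets(inline):
    """Group processes whose patched exports are identical: one injected
    component usually leaves the same fingerprint in every process it enters."""
    per_proc = defaultdict(set)
    for p in inline:
        per_proc[(p["process"], p["pid"])].add((p["export"], p["kind"], p["target"]))
    groups = defaultdict(list)
    for proc, hooks in per_proc.items():
        groups[frozenset(hooks)].append(proc)
    return {tuple(sorted(k)): sorted(v) for k, v in groups.items()}
```

Run it over the full log pasted into a file instead of SAMPLE_LOG and the interesting questions become one-liners: which SSDT entries have no named owner, and how many distinct hook fingerprints exist across processes. A ".text ..." marker means GMER elided a run of entries, so counts from a log containing it are lower bounds.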

#7 kahdah (Security Colleague)

Posted 04 November 2009 - 08:53 PM

Hi, can you also post the ComboFix log you have, please. It will be located here: C:\Combofix.txt

Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#8 alexsa (Topic Starter)

Posted 05 November 2009 - 08:39 AM

ComboFix 09-10-26.06 - Patricia Matteson 10/27/2009 13:23.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2433 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
AV: AVG *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\sguard.dll


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-27 17:17 . 2009-10-27 17:17 3436782 -c--a-r- c:\temp\ComboFix.exe
2009-10-27 16:39 . 2009-10-27 16:39 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-10-27 16:39 . 2009-10-27 16:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-27 16:39 . 2009-10-27 16:39 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-27 16:38 . 2009-10-27 16:38 -------- d-----w- c:\windows\system32\drivers\NIS
2009-10-27 16:38 . 2009-10-27 16:39 -------- d-----w- c:\program files\Norton Internet Security
2009-10-27 16:38 . 2009-10-27 16:38 -------- d-----w- c:\program files\Windows Sidebar
2009-10-27 16:38 . 2009-10-27 16:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-10-27 16:38 . 2009-10-27 16:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-10-27 16:34 . 2009-10-27 16:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-10-27 16:34 . 2009-10-27 16:34 -------- d-----w- c:\program files\NortonInstaller
2009-10-27 16:20 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-10-27 16:08 . 2009-10-27 16:08 472064 -c--a-w- c:\temp\RootRepeal.exe
2009-10-27 15:39 . 2009-10-27 15:39 -------- d-----w- c:\program files\Sophos
2009-10-27 15:38 . 2009-10-27 15:38 1339288 -c--a-w- c:\temp\sar_15_sfx.exe
2009-10-27 15:11 . 2009-10-27 15:11 291328 -c--a-w- c:\temp\fv49dnj4.exe
2009-10-27 14:48 . 2009-10-27 14:49 -------- dc----w- C:\MGTools
2009-10-27 14:08 . 2009-10-27 14:08 -------- d-----w- c:\documents and settings\Administrator.PAT-0097CE7F489\Application Data\SUPERAntiSpyware.com
2009-10-27 14:07 . 2009-10-27 14:07 -------- d-----w- c:\documents and settings\Administrator.PAT-0097CE7F489\Local Settings\Application Data\Mozilla
2009-10-27 14:03 . 2009-10-27 14:03 -------- dc----w- C:\New Folder
2009-10-24 20:02 . 2009-10-24 20:02 0 -c--a-w- C:\settings.dat
2009-10-24 20:01 . 2009-10-24 20:01 0 ----a-w- c:\documents and settings\Patricia Matteson.PAT-0097CE7F489\settings.dat
2009-10-24 19:07 . 2009-10-24 19:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-10-24 19:07 . 2009-10-27 14:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-24 19:07 . 2009-10-24 19:07 -------- d-----w- c:\documents and settings\Patricia Matteson.PAT-0097CE7F489\Application Data\SUPERAntiSpyware.com
2009-10-24 19:05 . 2009-10-24 19:05 -------- d-----w- c:\documents and settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Malwarebytes
2009-10-24 19:01 . 2009-10-24 19:01 -------- d-----w- c:\documents and settings\Administrator.PAT-0097CE7F489\Application Data\Malwarebytes
2009-10-24 19:01 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 19:01 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 19:01 . 2009-10-24 19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 19:01 . 2009-10-24 19:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-10-24 18:54 . 2009-10-24 18:54 -------- d-----w- c:\documents and settings\Administrator.PAT-0097CE7F489\Application Data\iolo
2009-10-21 00:36 . 2009-10-21 00:36 -------- d-----w- c:\windows\Performance
2009-10-21 00:36 . 2009-10-21 00:36 -------- d-----w- c:\documents and settings\Patricia Matteson.PAT-0097CE7F489\Local Settings\Application Data\Microsoft Corporation
2009-10-15 20:03 . 2007-08-24 22:00 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-14 18:55 . 2009-10-14 18:55 -------- d-----w- c:\documents and settings\Patricia Matteson.PAT-0097CE7F489\Application Data\TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 16:50 . 2004-02-22 00:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-27 16:39 . 2009-10-27 16:39 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-27 16:39 . 2009-10-27 16:39 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-27 16:39 . 2004-02-22 00:28 -------- d-----w- c:\program files\Symantec
2009-10-26 18:46 . 2004-02-10 00:54 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 18:42 . 2006-11-07 18:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-26 15:21 . 2008-07-23 03:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\iolo
2009-10-26 14:26 . 2004-02-10 00:29 -------- d-----w- c:\program files\Java
2009-10-24 21:33 . 2009-07-29 16:51 -------- d-----w- c:\program files\Citrix
2009-10-24 19:44 . 2008-07-23 19:28 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-10-24 18:54 . 2007-05-30 16:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 11:49 . 2008-07-23 03:28 -------- d-----w- c:\documents and settings\Patricia Matteson.PAT-0097CE7F489\Application Data\iolo
2009-10-10 12:46 . 2007-06-05 13:05 -------- d-----w- c:\documents and settings\Patricia Matteson.PAT-0097CE7F489\Application Data\Free Download Manager
2009-09-27 12:42 . 2004-02-10 00:46 -------- d-----w- c:\program files\Common Files\Real
2009-09-26 20:46 . 2008-07-23 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 14:29 . 2009-07-25 15:13 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-08-28 14:29 . 2008-07-23 03:35 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-08-26 19:42 . 2009-01-30 20:44 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-08-26 19:42 . 2009-01-30 20:44 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-13 15:14 . 2009-08-13 15:14 472064 -c--a-w- C:\RootRepeal.exe
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 19:23 . 2009-05-30 17:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 18:49 . 2009-04-24 18:48 3357184 ----a-w- c:\program files\VersionTracker_Pro_Windows_4_1.msi
2009-04-24 18:48 . 2007-08-11 10:48 3001016 ----a-w- c:\program files\AiRoboForm.exe
2009-03-11 16:18 . 2009-03-11 16:17 2332328 ----a-w- c:\program files\speedupmypc.exe
2009-03-09 20:55 . 2009-03-09 20:55 2552176 ----a-w- c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2009-03-09 20:54 . 2009-03-09 20:51 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-01-22 19:30 . 2009-01-22 19:30 78195 ----a-w- c:\program files\com_jce_111.zip
2009-01-22 19:29 . 2009-01-22 19:29 140750 ----a-w- c:\program files\com_jce_150.zip
2008-09-20 10:52 . 2008-09-20 10:51 382352 ----a-w- c:\program files\xpiinstall.exe
2008-09-20 10:30 . 2008-09-20 10:29 284005 ----a-w- c:\program files\GoogleDesktopSetup.exe
2008-09-13 16:02 . 2008-09-11 15:08 27782600 ----a-w- c:\program files\AVASTsetupeng.exe
2007-08-24 18:10 . 2007-08-24 16:44 23402288 -c--a-w- c:\program files\AdbeRdr810_en_US.exe
2007-07-19 21:09 . 2007-07-19 19:29 20256064 -c--a-w- c:\program files\QuickTimeInstaller.exe
2007-07-09 15:46 . 2007-07-09 14:39 13731344 -c--a-w- c:\program files\RealPlayer10-5GOLD_rs.exe
2007-06-16 18:21 . 2007-06-16 18:15 1409348 ----a-w- c:\program files\HDHeartBeatsetup.zip
2006-12-13 19:50 . 2006-12-13 19:50 3495070 -c--a-w- c:\program files\buscard.exe
2006-10-25 16:37 . 2006-10-25 16:02 4912968 ----a-w- c:\program files\picasaweb-current-setup.exe
2005-04-26 19:28 . 2005-04-26 19:28 563416 -c--a-w- c:\program files\flashplayer7_winax.exe
2004-03-28 18:33 . 2004-03-28 15:15 463632 -c--a-w- c:\program files\nz-cw2.exe
2004-02-03 14:33 . 2004-02-03 14:25 1461434 -c--a-w- c:\program files\01_small.mov
2004-01-30 15:30 . 2004-01-30 15:29 71351 -c--a-w- c:\program files\f1099h.pdf
2004-01-30 15:27 . 2004-01-30 15:26 81581 -c--a-w- c:\program files\f1065sk1.pdf
1998-11-23 14:25 . 1998-11-23 14:25 4401440 ----a-w- c:\program files\wces22.exe
1998-11-23 14:12 . 1998-11-23 14:12 287128 ----a-w- c:\program files\readme.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-06-27 160592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-03-14 360448]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TOAST.net Accelerator.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\SymEFA.sys [10/27/2009 12:39 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\BHDrvx86.sys [10/27/2009 12:39 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\cchpx86.sys [10/27/2009 12:39 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSXpx86.sys [10/27/2009 12:47 PM 329080]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\SYSTEM32\SAVRKBootTasks.sys [10/27/2009 12:20 PM 18816]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [10/27/2009 12:39 PM 115560]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\SYSTEM32\DRIVERS\IntcHdmi.sys [7/12/2008 10:59 AM 105984]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\SYSTEM32\DRIVERS\OEM02Dev.sys [10/10/2007 5:03 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\SYSTEM32\DRIVERS\OEM02Vfx.sys [3/5/2007 10:45 AM 7424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/30/2009 4:44 PM 609792]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/30/2009 4:44 PM 609792]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [7/25/2008 6:34 AM 20160]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\SYSTEM32\DRIVERS\OEM02Afx.sys [6/7/2007 5:00 PM 141376]
S3 sprint;sprint;\??\c:\windows\system32\drivers\sprint.sys --> c:\windows\system32\drivers\sprint.sys [?]
S4 avg8emc;AVG8 E-mail Scanner; [x]
S4 avg8wd;AVG8 WatchDog; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EECTRL
*NewlyCreated* - ERASERUTILDRVI9
*NewlyCreated* - MBR
*Deregistered* - EraserUtilDrvI9
*Deregistered* - mbr
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ask Jeeves Search - c:\windows\system32\askbarAB.dll/cmd-search-selection
IE: Customize Menu - file://c:\program files\Siber Systems\AI
RoboForm\RoboFormComCustomizeIEMenu.html
IE: Dictionary Search - c:\windows\system32\askbarAB.dll/cmd-search-selection-word
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - f:\virus stuff\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\WLDAP32.dll

- - - - - - - > 'lsass.exe'(1416)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-10-27 13:31
ComboFix-quarantined-files.txt 2009-10-27 17:31
ComboFix2.txt 2009-10-27 15:35
ComboFix3.txt 2009-10-24 20:35

Pre-Run: 205,784,641,536 bytes free
Post-Run: 206,010,212,352 bytes free

- - End Of File - - BBD8DB8D2A0E92D793D35ADE1BD991F6
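The Services/Drivers section of the ComboFix log above has a fixed shape (start type, name, display name, image path, then a file date/size, "?" or "x" in brackets). The following Python is an added example, not part of this thread or of ComboFix, that parses lines of that shape and produces the triage notes a reviewer looks for: orphaned entries ("[x]"), entries with no file information ("[?]"), and drivers whose image is a .tmp file. The sample lines are copied from the log above; the path heuristics are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ComboFix service line: <R|S><start type> <name>;<display>;<image path> [<date time size> | ? | x]
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
ARROW = " --> "  # ComboFix prints "\??\<NT path> --> <Win32 path>" for native paths

@dataclass
class ServiceEntry:
    state: str       # 'R' running or 'S' stopped, as ComboFix prints it
    start_type: int  # SERVICE_START_TYPE value, e.g. 3 = manual, 4 = disabled
    name: str
    display: str
    image: str       # resolved Win32 path, empty when the log shows none
    file_info: str   # "7/25/2008 6:34 AM 20160", "?" (no file data) or "x" (file missing)

def parse_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a service/driver line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, info = m.groups()
    if ARROW in image:
        image = image.split(ARROW, 1)[1]  # keep only the resolved Win32 path
    return ServiceEntry(state, int(start), name.strip(), display.strip(), image.strip(), info.strip())

def findings(entry: ServiceEntry) -> List[str]:
    """Heuristic triage notes (assumed rules, not ComboFix's own verdicts)."""
    notes = []
    low = entry.image.lower()
    if entry.file_info == "x":
        notes.append("image file missing on disk: orphaned service entry")
    elif entry.file_info == "?":
        notes.append("no file date/size recorded: file absent or unreadable at scan time")
    if low.endswith(".tmp"):
        notes.append("driver image is a .tmp file: confirm which tool created it before acting")
    if entry.image and not low.startswith(("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")):
        notes.append("image outside the Windows and Program Files trees")
    return notes

def triage(log_lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Parse every service line in the given log lines and return (name, notes) pairs."""
    return [(e.name, findings(e)) for e in map(parse_line, log_lines) if e is not None]

# Constructed sample: four lines taken from the log above.
SAMPLE_LOG = [
    r"S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [7/25/2008 6:34 AM 20160]",
    r"S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]",
    r"S4 avg8emc;AVG8 E-mail Scanner; [x]",
]

if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG):
        print(name, "->", notes or "nothing notable")
```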

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:50 PM

Posted 06 November 2009 - 07:18 AM

Hmm, I see no sign of any malware on your system at the moment.
Have you tried to uninstall/reinstall Firefox and IE?
When you uninstall the current version of IE, it rolls back to the version before that one.
Give that a shot and see if that helps.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#10 alexsa

alexsa
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:50 PM

Posted 13 November 2009 - 08:59 AM

Thanks for your help! The problem with Firefox was an upgrade to System Mechanic that added a 'System Guard' component, which prevented Firefox from starting.
I had read about problems with System Mechanic before but not this one.
It appears Norton has at least blocked the IE problem from recurring so things are fine for now.
Waiting for an open slot in the malware training.

Edited by alexsa, 13 November 2009 - 09:46 AM.


#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:01:50 PM

Posted 13 November 2009 - 08:17 PM

Great, thanks for letting me know, and I am glad it is sorted out.
=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...



