I got hijacked!!!!!!!


This topic is locked
12 replies to this topic

#1 dlucca

Posted 06 November 2009 - 02:24 PM

Ok, so like so many others I recently got hijacked. It is the toolbar.ask.com redirect virus. I have tried to find the best way to get rid of it myself without paying an arm and a leg to get someone to fix it.

Can you guys help me out?

Dlucca

Ok guys, so I followed the instructions this time....

I hope this is what you need!!!!

I have a toolbar.ask.com redirect problem........

Thank you so much for your help...



DDS (Ver_09-10-26.01) - NTFSx86
Run by Daniel Parenti at 11:50:26.28 on Fri 11/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel Parenti\Desktop\dds.scr
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\bcmntray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Trusted Zone: microsoft.com\update
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243632865312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://atl.img.digitalriver.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daniel~1\applic~1\mozilla\firefox\profiles\7pid077b.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R? Lbd;Lbd
R? ma763008;M-Audio Ozone
R? MADFU008;MADFU008
R? SBRE;SBRE
R? USBNZ1X1;M-Audio Ozone Midi
S? HSFHWATI;HSFHWATI
S? SASDIFSV;SASDIFSV
S? SASENUM;SASENUM
S? SASKUTIL;SASKUTIL

=============== Created Last 30 ================

2009-11-06 17:03:24 0 d-----w- c:\program files\Trend Micro
2009-11-04 08:16:03 0 d-sha-r- C:\cmdcons
2009-11-04 08:07:19 77312 ----a-w- c:\windows\MBR.exe
2009-11-04 08:07:18 98816 ----a-w- c:\windows\sed.exe
2009-11-04 08:07:18 236544 ----a-w- c:\windows\PEV.exe
2009-11-04 08:07:18 161792 ----a-w- c:\windows\SWREG.exe
2009-10-25 04:17:42 0 d-----w- c:\program files\common files\Control Panels
2009-10-25 02:17:53 0 d-----w- C:\1f39fbdfca5601c257b7c569fd20bdf7
2009-10-24 13:41:52 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2009-10-24 03:46:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-24 03:46:06 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-24 03:46:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-24 03:46:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-24 03:46:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-24 03:46:05 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-24 03:46:05 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-24 03:46:05 0 d-----w- C:\181f4d4738ac67eac3
2009-10-23 22:43:03 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2009-10-23 22:01:26 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-10-23 22:01:26 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-10-21 04:02:53 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-21 04:02:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-21 04:01:33 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-21 03:54:14 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-10-21 03:54:11 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-10-20 21:24:58 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-20 20:54:04 0 d-----w- c:\program files\K-Lite Codec Pack
2009-10-20 20:31:19 0 d-----w- c:\docume~1\alluse~1\applic~1\NOS(4)
2009-10-20 20:31:06 0 d-----w- c:\docume~1\alluse~1\applic~1\NOS(3)
2009-10-20 20:29:57 0 d-----w- c:\docume~1\alluse~1\applic~1\NOS(2)

==================== Find3M ====================

2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 22:56:06 320080 ----a-w- c:\docume~1\daniel~1\applic~1\GDIPFONTCACHEV1.DAT
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 02:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:28:59 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-08-20 22:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-13 15:16:05 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2006-01-05 05:06:55 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 11:52:22.85 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 12:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================


Attached Files


Edited by The weatherman, 06 November 2009 - 03:10 PM.
Merged posts to keep the member on "0" replies.~Tw



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 11 November 2009 - 09:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 16 November 2009 - 09:36 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 23 November 2009 - 09:15 PM

Hi,

topic reopened, please post the log.

regards myrti



#5 dlucca
  • Topic Starter

  • Members
  • 8 posts

Posted 24 November 2009 - 02:28 PM

combo fix log

ComboFix 09-11-03.03 - Daniel Parenti 11/23/2009 12:04.3.1 - NTFSx86
Running from: c:\documents and settings\Daniel Parenti\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-10-25 04:35 . 2009-10-25 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-25 04:17 . 2009-10-25 04:17 -------- d-----w- c:\program files\Common Files\Control Panels
2009-10-25 02:17 . 2009-10-25 02:21 -------- d-----w- C:\1f39fbdfca5601c257b7c569fd20bdf7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 07:08 . 2008-03-31 21:54 -------- d-----w- c:\documents and settings\Daniel Parenti\Application Data\FileZilla
2009-11-19 19:44 . 2005-05-12 04:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-18 21:49 . 2007-11-19 20:42 59 ----a-w- c:\windows\wpd99.drv
2009-11-18 21:49 . 2007-11-19 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-11-15 06:42 . 2009-06-13 19:44 -------- d-----w- c:\program files\iTunes
2009-11-15 06:40 . 2005-05-12 04:07 -------- d-----w- c:\program files\iPod
2009-11-15 06:40 . 2007-12-17 19:34 -------- d-----w- c:\program files\Common Files\Apple
2009-11-13 17:55 . 2009-03-04 22:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-13 09:34 . 2008-01-29 21:30 -------- d-----w- c:\program files\Norton Internet Security
2009-11-06 17:03 . 2009-11-06 17:03 -------- d-----w- c:\program files\Trend Micro
2009-10-27 20:38 . 2009-09-22 17:14 -------- d-----w- c:\program files\Bonjour
2009-10-27 20:37 . 2009-06-13 19:41 -------- d-----w- c:\program files\QuickTime
2009-10-27 20:21 . 2009-05-12 07:29 -------- d-----w- c:\program files\NCH Software
2009-10-27 20:19 . 2008-08-25 03:31 -------- d-----w- c:\program files\Safari
2009-10-25 03:04 . 2006-02-28 01:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-24 04:27 . 2005-10-26 03:42 320080 ----a-w- c:\documents and settings\Daniel Parenti\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 22:43 . 2009-10-23 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-10-21 17:48 . 2008-03-31 21:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-20 20:54 . 2009-10-20 20:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-20 20:54 . 2005-05-12 03:51 -------- d-----w- c:\program files\Microsoft Works
2009-10-20 20:33 . 2009-10-20 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-20 20:31 . 2009-10-20 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS(4)
2009-10-20 20:31 . 2009-10-20 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS(3)
2009-10-20 20:30 . 2009-10-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS(2)
2009-10-08 02:37 . 2007-09-28 06:21 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-02 05:54 . 2005-10-25 17:24 -------- d-----w- c:\documents and settings\Daniel Parenti\Application Data\Apple Computer
2009-09-11 14:18 . 2008-09-02 05:59 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-09-02 05:59 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 08:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-09-02 06:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-09-02 05:59 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-29 02:42 . 2009-05-12 00:55 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 02:42 . 2007-12-17 19:35 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2008-09-02 05:59 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-01-05 05:06 . 2006-01-05 05:06 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-13 2001648]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2009-03-14 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-04-19 34432]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-20 22:50 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=usbnz1x1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 ma763008;M-Audio Ozone;c:\windows\system32\drivers\MA763008.sys [x]
R3 MADFU008;MADFU008;c:\windows\system32\DRIVERS\MADFU008.sys [x]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 USBNZ1X1;M-Audio Ozone Midi;c:\windows\system32\drivers\usbnz1x1.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-13 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-20 74480]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]


--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2005-12-24 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 18:04]

2009-11-08 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 1300 seriesA3652443A372B157BFD83129692C2C2475483DE7134009070.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-27 02:50]

2009-11-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Daniel Parenti.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-01-10 20:54]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\update
FF - ProfilePath - c:\documents and settings\Daniel Parenti\Application Data\Mozilla\Firefox\Profiles\7pid077b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-23 12:14
ComboFix-quarantined-files.txt 2009-11-23 20:12
ComboFix2.txt 2009-11-04 22:40
ComboFix3.txt 2009-11-04 16:24

Pre-Run: 10,778,836,992 bytes free
Post-Run: 10,992,357,376 bytes free

#6 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 24 November 2009 - 03:56 PM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own


I would like to see the logs from OTL instead, which I asked for in my first reply:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
regards myrti



#7 dlucca
  • Topic Starter

  • Members
  • 8 posts

Posted 27 November 2009 - 06:10 PM

Thanks


OTL logfile created on: 11/27/2009 2:59:44 PM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\Daniel Parenti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 551.93 Mb Available Physical Memory | 53.98% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 9.23 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EROWAN
Current User Name: Daniel Parenti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/27 14:58:21 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Parenti\Desktop\OTL.exe
PRC - [2009/11/23 16:45:40 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/24 12:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/13 16:26:42 | 00,053,248 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
PRC - [2009/02/24 09:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 02:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/18 13:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 12:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 13:29:34 | 00,826,512 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2008/01/17 11:42:02 | 00,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2006/06/14 13:48:42 | 00,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2005/08/03 19:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/03 19:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/04/18 19:49:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2005/04/11 14:21:02 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe
PRC - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/02/17 08:50:22 | 00,847,983 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/02/17 08:50:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2005/02/17 08:50:20 | 01,040,384 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmntray.EXE
PRC - [2005/02/02 04:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 04:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/07/21 16:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003/05/15 01:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2009/11/27 14:58:21 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Parenti\Desktop\OTL.exe
MOD - [2005/02/02 04:12:14 | 00,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/24 22:05:02 | 00,197,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2003/02/21 09:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/23 13:19:49 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/24 09:38:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/01/13 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/29 13:29:34 | 00,826,512 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/28 13:26:27 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/01/17 11:42:04 | 00,079,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/06/14 13:48:42 | 00,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/10/19 12:55:00 | 00,067,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)
SRV - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/08/03 19:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/18 19:49:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2005/03/30 16:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2005/03/07 14:59:36 | 00,198,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/02/17 08:50:22 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/21 16:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/10/20 14:50:27 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/26 00:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/26 00:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/13 09:03:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/09 14:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20091110.002\symidsco.sys -- (SYMIDSCO)
DRV - [2008/12/22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/10/23 00:58:36 | 01,391,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/29 13:29:34 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/28 18:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 18:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/03/28 18:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/03/28 18:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/03/28 18:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/03/28 18:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/09/15 22:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/16 21:46:05 | 00,006,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/01/13 23:40:58 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/08/03 19:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/16 14:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/04 08:25:36 | 00,160,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/31 08:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/03/22 06:39:54 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/03/22 06:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 06:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 06:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 08:14:52 | 00,346,496 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 08:14:52 | 00,037,760 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/07 14:59:50 | 00,050,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2005/03/07 14:59:44 | 00,338,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - [2005/02/02 03:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/11 15:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 00:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/07/21 16:24:02 | 00,341,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/28 02:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 06:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/08/11 00:07:38 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/08/11 00:07:38 | 00,021,488 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/08/11 00:07:38 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/06/06 10:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 11:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 07:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [1999/09/10 11:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\S-1-5-21-1389346543-3582817539-654022854-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\S-1-5-21-1389346543-3582817539-654022854-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "www.google.com"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/24 09:38:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/23 19:48:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/23 16:35:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/23 16:35:21 | 00,000,000 | ---D | M]

[2009/02/24 09:47:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Parenti\Application Data\Mozilla\Extensions
[2009/02/24 09:47:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Parenti\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/10/20 21:39:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Parenti\Application Data\Mozilla\Firefox\Profiles\7pid077b.default\extensions
[2009/10/20 12:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Parenti\Application Data\Mozilla\Firefox\Profiles\7pid077b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/10/20 12:30:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Parenti\Application Data\Mozilla\Firefox\Profiles\7pid077b.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009/10/20 12:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Parenti\Application Data\Mozilla\Firefox\Profiles\7pid077b.default\extensions\OberonGameHost@OberonGames.com
[2009/02/24 18:06:38 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\Application Data\Mozilla\Firefox\Profiles\7pid077b.default\searchplugins\ask.xml
[2009/11/26 18:53:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/24 09:39:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2004/09/09 00:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2005/04/27 12:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2007/02/20 15:04:02 | 02,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/02/08 22:15:03 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/02/08 22:15:03 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/02/08 22:15:03 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/02/08 22:15:03 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-1389346543-3582817539-654022854-1007\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1243632865312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} https://atl.img.digitalriver.com/v2.0-img/o...ol/SymDlBrg.cab (Symantec Download Bridge)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 14:58:17 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Parenti\Desktop\OTL.exe
[2009/11/25 15:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Parenti\Desktop\Jovan
[2009/11/23 12:14:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/23 12:01:43 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/23 11:39:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/23 11:39:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/23 11:38:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/23 11:38:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/17 11:00:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF 6.0
[2009/11/14 21:51:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Parenti\Desktop\Resumes
[2009/11/06 09:03:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/04 00:16:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/04 00:06:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/04 00:04:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/02 10:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Parenti\Desktop\Dan Resumes
[2009/11/02 08:47:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Parenti\Desktop\Wedding
[2006/01/04 21:06:59 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2009/11/27 14:58:21 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Parenti\Desktop\OTL.exe
[2009/11/27 12:22:36 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 12:01:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/27 12:01:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/27 12:00:49 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\ntuser.dat
[2009/11/27 12:00:49 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Daniel Parenti\ntuser.ini
[2009/11/25 23:25:01 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/25 22:07:27 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/25 12:14:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 23:00:29 | 00,000,141 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\default.pls
[2009/11/24 23:00:27 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/23 16:35:25 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/23 12:06:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/23 11:13:22 | 01,222,211 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\Desktop\Daniel Lucca Parenti - Lost Warrant.pdf
[2009/11/20 20:00:00 | 00,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Daniel Parenti.job
[2009/11/20 16:57:53 | 00,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/11/20 15:52:49 | 00,083,968 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\Desktop\1381100_1.DOC
[2009/11/18 13:49:34 | 00,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2009/11/18 12:46:55 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\Desktop\Microsoft Word.lnk
[2009/11/17 11:01:49 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2009/11/17 11:01:49 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2009/11/15 20:43:39 | 00,609,888 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/15 20:43:39 | 00,507,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/15 20:43:39 | 00,091,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/15 08:26:38 | 00,925,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 23:23:16 | 31,892,480 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/11/11 23:23:06 | 26,177,536 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/11/11 22:40:12 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\My Documents\Therefore shall a man leave his father and his mother.doc
[2009/11/11 20:45:17 | 00,000,022 | ---- | M] () -- C:\WINDOWS\kodakpcd.Daniel Parenti.ini
[2009/11/10 10:02:33 | 00,367,104 | ---- | M] () -- C:\Documents and Settings\Daniel Parenti\My Documents\Cody B - resume.doc
[2009/11/07 18:34:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1134009070.job
[2009/11/04 00:45:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 00:16:17 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/04 00:04:19 | 03,533,737 | R--- | M] () -- C:\Documents and Settings\Daniel Parenti\Desktop\ComboFix.exe

========== Files Created - No Company Name ==========

[2009/11/23 16:35:24 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/23 11:39:00 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/23 11:39:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/23 11:38:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/23 11:38:59 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/23 11:38:59 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/23 11:13:22 | 01,222,211 | ---- | C] () -- C:\Documents and Settings\Daniel Parenti\Desktop\Daniel Lucca Parenti - Lost Warrant.pdf
[2009/11/17 11:01:49 | 00,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2009/11/17 11:01:49 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2009/11/14 22:42:05 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/11 20:45:17 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Daniel Parenti.ini
[2009/11/11 19:18:16 | 00,083,968 | ---- | C] () -- C:\Documents and Settings\Daniel Parenti\Desktop\1381100_1.DOC
[2009/11/04 00:16:16 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/04 00:16:09 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/04 00:03:51 | 03,533,737 | R--- | C] () -- C:\Documents and Settings\Daniel Parenti\Desktop\ComboFix.exe
[2009/10/23 14:01:26 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/05/11 15:41:26 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/11 15:41:21 | 00,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/05/11 15:41:20 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/11 15:41:20 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/11 15:41:19 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/11 15:41:17 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/11 15:41:17 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/12 21:11:06 | 00,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/04 17:16:36 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Daniel Parenti\Application Data\$_hpcst$.hpc
[2007/12/14 09:51:02 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/19 12:47:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/11/19 12:42:58 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/11/19 12:42:57 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/09/30 12:26:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/07/02 16:36:40 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/20 23:34:32 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/16 21:49:03 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2006/01/16 21:46:07 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2006/01/14 12:49:51 | 00,000,054 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/01/13 23:40:43 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/01/13 23:40:42 | 01,204,224 | ---- | C] () -- C:\WINDOWS\System32\bcmwcfg.dll
[2006/01/13 23:40:40 | 00,909,312 | ---- | C] () -- C:\WINDOWS\System32\bcmctrls.dll
[2006/01/13 23:40:38 | 00,946,176 | ---- | C] () -- C:\WINDOWS\System32\bcmacfg.dll
[2006/01/04 20:21:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/12/07 18:38:59 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Daniel Parenti\Local Settings\Application Data\fusioncache.dat
[2005/12/06 20:16:23 | 00,004,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/25 19:42:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel Parenti\Application Data\wklnhst.dat
[2005/10/25 18:47:06 | 00,095,232 | ---- | C] () -- C:\Documents and Settings\Daniel Parenti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/24 18:53:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/11 20:02:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/11 20:02:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/11 20:02:35 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/11 20:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/11 20:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/11 20:02:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/07 05:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 11:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/08/11 00:07:40 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4240575B
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F
< End of report >

extras

OTL Extras logfile created on: 11/27/2009 2:59:44 PM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\Daniel Parenti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 551.93 Mb Available Physical Memory | 53.98% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 9.23 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EROWAN
Current User Name: Daniel Parenti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1389346543-3582817539-654022854-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0e4a0db5-801d-489e-85c0-6c3f96335d20}" = 1300Trb
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A947CBB-4F5E-38D8-F49E-6C2C0D9D848E}" = Catalyst Control Center Graphics Previews Common
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{30DE45EC-48B3-7617-193A-7B4CDCE18D22}" = Skins
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5C08205C-C9E0-A607-9EB1-EB0D7C5659B3}" = Catalyst Control Center Core Implementation
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6dc18d50-8cc3-4dea-a666-ea6f01907663}" = 1300
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{845AF1DD-3618-471F-9745-B1CD9378F669}" = Symantec SCSSDist MSI
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A2EB5A-8446-1554-235A-D174E39AF4E5}" = Catalyst Control Center Graphics Full Existing
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = TIxx21
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{b17cf867-a4e5-41ba-a646-50f237810eca}" = 1300_Help
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3E3EAEC-A20E-48EE-B161-A43B552D5465}" = Personal Color Viewer 2.0
"{B48442EE-FF84-3A89-CA50-EA2D1C64733E}" = ccc-utility
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{c46485b1-6527-4937-9dc0-29bb5d5613fe}" = 1300Tour
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC1086AD-1635-01EF-3137-04AB16B46F9F}" = ccc-core-preinstall
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D01B4212-C867-9074-217D-B40BB5A578FE}" = Catalyst Control Center Graphics Full New
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DCFF3DB2-0E96-6DF5-DF22-AB1C18CF5E86}" = Catalyst Control Center Graphics Light
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE9D0AF5-08ED-70A5-66FA-4C3B3E2A85E8}" = Catalyst Control Center HydraVision Full
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F104E135-A5EF-9551-4924-2A7B94DDDADF}" = ccc-core-static
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FBB6D1D6-BD35-50E0-37B7-375BAB8E199B}" = CCC Help English
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0033)
"FileZilla Client" = FileZilla Client 3.2.8.1
"HijackThis" = HijackThis 2.0.2
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = Texas Instruments PCIxx21/x515 drivers.
"jet_fighter_2015_usa" = JETFIGHTER 2015
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"RollerCoaster Tycoon Setup" = RolllayN
"Sibelius v3.1" = Sibelius v3.1
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2009 9:23:24 PM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/26/2009 10:48:30 AM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/26/2009 10:53:30 AM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/26/2009 10:58:30 AM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/26/2009 11:03:30 AM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/27/2009 3:30:59 PM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/27/2009 4:07:01 PM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/27/2009 4:12:01 PM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/27/2009 4:17:01 PM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 11/27/2009 4:22:01 PM | Computer Name = EROWAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

[ System Events ]
Error - 11/25/2009 9:51:35 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/26/2009 10:43:45 AM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/26/2009 3:09:10 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/26/2009 10:37:10 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/26/2009 11:11:48 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/26/2009 11:37:38 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/26/2009 11:56:06 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/27/2009 2:30:53 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/27/2009 3:26:14 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 11/27/2009 4:02:16 PM | Computer Name = EROWAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

#8 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 28 November 2009 - 10:57 AM

Hi,

I cannot see signs of ask in your logs. Could you please describe the problems you are still having?

Please also provide a log from gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please also run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 dlucca (Topic Starter, Members, 8 posts)

Posted 01 December 2009 - 02:22 PM

Hello,

I will run those scans as requested.

Also, you are right, I am not getting the toolbar.ask any more. Now I frequently get this:

Firefox can't find the file at jar:file:///C:/Program Files/Mozilla Firefox/chrome/browser.jar!/content/browser/www.google.comwww.google.com.

I don't know what is going on.

Getting to those scans.

Thanks,

D

#10 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 02 December 2009 - 03:37 PM

Hi,

Please try emptying your cache and let me know if that helps:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

regards myrti



#11 dlucca (Topic Starter, Members, 8 posts)

Posted 09 December 2009 - 09:22 PM

Here are those GMER scans:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-09 18:00:01
Windows 5.1.2600 Service Pack 3
Running: qlewm1oh.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\uxtdapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACdqerpoia.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACdqerpoia.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACbnjwyfkt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACfvaljnqm.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAComdrhugo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACkwoybirc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACwjnepdkj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACtqudgxuw.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACtubobngs.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACtgtovgpr.log
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS@ProgID MsScp.SCPTRANS.1
Reg HKLM\SOFTWARE\Classes\muvee.Document\CLSID@ {F1705B22-896D-11D4-A0E7-0050DA8D4924}
Reg HKLM\SOFTWARE\Classes\muvee.Document\DefaultIcon@ C:\PROGRA~1\MUVEET~1\MUVEEA~1.0-S\muveeapp.exe,1
Reg HKLM\SOFTWARE\Classes\muvee.Document\shell\open
Reg HKLM\SOFTWARE\Classes\muvee.Document\shell\open\command
Reg HKLM\SOFTWARE\Classes\muvee.Document\shell\open\command@ C:\PROGRA~1\MUVEET~1\MUVEEA~1.0-S\muveeapp.exe "%1"
Reg HKLM\SOFTWARE\Classes\muvee.Document\shell\print
Reg HKLM\SOFTWARE\Classes\muvee.Document\shell\printto
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop@Upgrade 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Mode 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos800x600(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos800x600(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Sort 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@SortDir 1
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@Col 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ColInfo 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos800x600(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@FFlags 548
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1280x800(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos1280x800(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos640x480(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos640x480(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos640x480(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos1280x800(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos2048x1536(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos2048x1536(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos2048x1536(1) 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos512x384(1).x 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ScrollPos512x384(1).y 0
Reg HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop@ItemPos512x384(1) 0x00 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----


See anything alarming?
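The registry section in the post above is easier to triage if the Reg lines are grouped by service and run through a few heuristics. The script below is an added example written for this page; it is not from the thread, from GMER, or from Malwarebytes. Its three heuristics (values that reach files through the \\?\globalroot namespace, a modules subkey that registers .dat/.log files alongside the driver and DLLs, and a family of file names sharing the service's prefix with long, differing suffixes) are assumptions about what merits a closer look, not a verdict on the machine. The UACd.sys lines in the embedded sample are copied from the log above; the SynTP service line is constructed for contrast.

```python
import re
import ntpath
from collections import defaultdict

# Constructed sample in the shape of the GMER "Registry" section posted above.
# The UACd.sys lines are copied from that post; the SynTP service line is a
# made-up, benign-looking entry added for contrast (SynTP.sys is the Synaptics
# touchpad driver GMER listed under "Devices").
SAMPLE_LOG = r"""
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACdqerpoia.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACdqerpoia.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACbnjwyfkt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACfvaljnqm.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACtubobngs.log
Reg HKLM\SYSTEM\ControlSet001\Services\SynTP@imagepath system32\DRIVERS\SynTP.sys
Reg HKLM\SOFTWARE\Classes\muvee.Document\CLSID@ {F1705B22-896D-11D4-A0E7-0050DA8D4924}

---- EOF - GMER 1.0.15 ----
"""

# One "Reg HKLM\SYSTEM\<ControlSet>\Services\<svc>[\subkey...][@value data]" line.
SERVICE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>ControlSet\d+|CurrentControlSet)\\Services\\"
    r"(?P<svc>[^\\@\s]+)(?P<sub>(?:\\[^\\@\s]+)*)"
    r"(?:@(?P<name>\S*)\s+(?P<data>.*))?",
    re.IGNORECASE,
)

GLOBALROOT = "\\\\?\\globalroot"  # the \\?\globalroot device-namespace prefix


def parse_services(log_text):
    """Group every Services\\<name> registry line by service name.
    Returns {service: [(subkey, value_name, value_data), ...]}."""
    services = defaultdict(list)
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m["svc"]].append((m["sub"] or "", m["name"], m["data"]))
    return dict(services)


def assess_services(services):
    """Apply three triage heuristics (assumptions made here, not GMER verdicts)
    and return {service: [reason, ...]} for every service that trips one."""
    findings = {}
    for svc, entries in services.items():
        reasons = []
        datas = [d for _, _, d in entries if d]

        # 1. Values that reach files through the \\?\globalroot namespace
        #    instead of an ordinary system32 path.
        if any(GLOBALROOT in d.lower() for d in datas):
            reasons.append("file paths referenced via " + GLOBALROOT)

        # 2. A 'modules' subkey that registers non-code files (.dat, .log)
        #    alongside the driver and DLLs.
        modules = [d for sub, _, d in entries if sub.lower() == "\\modules" and d]
        odd = [ntpath.basename(d) for d in modules
               if not d.lower().endswith((".sys", ".dll"))]
        if odd:
            reasons.append("modules subkey lists non-code files: " + ", ".join(odd))

        # 3. Several files that share the service's own name prefix followed by
        #    a long, differing suffix (UACdqerpoia, UACbnjwyfkt, ...).
        prefix = re.sub(r"\W.*$", "", svc)[:3].lower()
        stems = {ntpath.splitext(ntpath.basename(d))[0] for d in datas if "\\" in d}
        family = [s for s in stems
                  if s.lower().startswith(prefix) and len(s) >= len(prefix) + 6]
        if len(family) >= 3:
            reasons.append(f"{len(family)} files share prefix '{prefix}' "
                           "with random-looking suffixes: " + ", ".join(sorted(family)))

        if reasons:
            findings[svc] = reasons
    return findings


def assess_gmer_log(log_text):
    """Parse a GMER log and return the services worth a closer look."""
    return assess_services(parse_services(log_text))


if __name__ == "__main__":
    for svc, reasons in assess_gmer_log(SAMPLE_LOG).items():
        print(svc)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, the script groups two services and reports only UACd.sys, with all three reasons; the constructed SynTP entry passes. The "(not active ControlSet)" annotation GMER printed is kept in the parsed data but not used as a signal, since a stale control set on its own is not suspicious.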

#12 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 11 December 2009 - 11:47 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

The gmer scan looks good. Have you done the malwarebytes scan as well? Could I see the log?

Did emptying your cache help with your firefox issue?

Sorry once more,
regards myrti



#13 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 21 December 2009 - 08:39 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





