
Possible Vundo Infection


This topic is locked
13 replies to this topic

#1 EPWNeedsHelp


  • Members
  • 8 posts

Posted 19 January 2010 - 07:37 AM

Good morning to all,
About a week ago I began having problems with my computer, an HP desktop running Vista. On startup I would get error notifications that various programs and services had not started properly and needed to close. I also would get pop-ups in IE to download and run anti-virus software. I ran AVG and Malwarebytes and found and removed numerous objects, but still seem to be having problems. I went through the tutorial and ran DDS and attempted to run RootRepeal, but RootRepeal continues to freeze the whole system every time I run it. Please help!
Thank you


DDS (Ver_09-12-01.01) - NTFSx86
Run by Martina at 21:57:56.92 on Sun 01/17/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1680 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Upromise\dca-ua.exe
C:\Program Files\Upromise\UpromiseTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Martina\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Upromise Update] c:\program files\upromise\dca-ua.exe
uRun: [Upromise Tray] c:\program files\upromise\UpromiseTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\thecleaner.exe" /runcleanupscript
StartupFolder: c:\users\martina\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\martina\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: residensealtd.com\rseavpn
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://rseavpn.residensealtd.com/XTSAC.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://rseavpn.residensealtd.com/MLWebCacheCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-30 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-30 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-30 360584]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-1 285392]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-15 38224]

=============== Created Last 30 ================

2010-01-16 04:54:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-16 04:54:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-16 04:54:01 0 d-----w- c:\programdata\Malwarebytes
2010-01-16 04:54:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 02:33:55 0 d-----w- C:\TheSuperTool
2010-01-13 16:20:36 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 16:20:36 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:20:34 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-01-13 04:22:27 0 d-----w- c:\users\martina\appdata\roaming\Malwarebytes
2010-01-12 19:45:10 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-12 19:45:09 0 d-----w- c:\users\martina\Office Genuine Advantage
2010-01-12 19:44:41 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-12 19:44:40 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-12 19:35:24 247823899 ----a-w- c:\windows\MEMORY.DMP

==================== Find3M ====================

2009-12-06 14:15:57 2284 ----a-w- c:\users\martina\appdata\roaming\wklnhst.dat
2009-12-02 08:17:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-02 08:17:53 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-02 08:17:53 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-02 08:17:53 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-02 08:17:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-02 08:17:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-02 01:45:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 01:45:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 01:44:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-30 22:12:13 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-05 21:16:50 737280 ----a-w- c:\windows\iun6002.exe
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-06 23:46:29 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:59:46.49 ===============
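As an added example (not from the original post and not part of the DDS tool), the script below splits a DDS log into its "===== section =====" blocks and applies a few defender-side review rules to the Pseudo HJT Report and Created Last 30 sections. The sample input copies lines from the log above; the `mRun: [Updater]` line is constructed so the user-writable-location rule has something to fire on. Findings are review prompts for the helper, not verdicts.

```python
import re
from dataclasses import dataclass

# Section headers look like "============== Pseudo HJT Report ===============".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "Created Last 30" lines: "<date> <time> <size> <8 attribute flags> <path>".
CREATED_RE = re.compile(r"^(?P<stamp>\S+ \S+) (?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# Locations a standard user (and therefore a drive-by download) can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
AUTORUN_KINDS = ("uRun", "mRun", "BHO", "TB", "StartupFolder")

# Constructed sample: lines copied from the DDS log posted above, plus one
# constructed mRun entry (updater.exe) so the user-writable rule fires.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [Updater] c:\users\martina\appdata\local\temp\updater.exe
StartupFolder: c:\users\martina\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
AppInit_DLLs: avgrsstx.dll

=============== Created Last 30 ================
2010-01-16 04:54:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 02:33:55 0 d-----w- C:\TheSuperTool
2010-01-13 16:20:36 72704 ----a-w- c:\windows\system32\fontsub.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reason: str


def split_sections(log_text: str) -> dict[str, list[str]]:
    """Map each '=== name ===' header to the non-empty lines beneath it."""
    sections: dict[str, list[str]] = {}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def review_hjt(lines: list[str]) -> list[Finding]:
    """Review rules for the Pseudo HJT Report (autoruns and browser hooks)."""
    out: list[Finding] = []
    for line in lines:
        kind = line.split(":", 1)[0]
        # BHO/TB/StartupFolder list the file after " - "; uRun/mRun after "[name] ".
        target = line.split(" - ")[-1] if " - " in line else line.split("] ", 1)[-1]
        if line.lower().endswith(" - no file"):
            reason = "orphaned entry: the registered file no longer exists"
        elif kind == "Handler" and line.endswith("-"):
            reason = "protocol handler with no DLL path; verify or remove"
        elif kind == "AppInit_DLLs":
            reason = "AppInit_DLLs is loaded into every user-mode process; confirm the publisher"
        elif kind in AUTORUN_KINDS and any(p in target.lower() for p in USER_WRITABLE):
            reason = "autorun target lives in a user-writable location"
        else:
            continue
        out.append(Finding("Pseudo HJT Report", line, reason))
    return out


def review_created(lines: list[str]) -> list[Finding]:
    """Review rules for the Created Last 30 section (new files and directories)."""
    out: list[Finding] = []
    for line in lines:
        match = CREATED_RE.match(line)
        if not match:
            continue
        path = match.group("path").lower()
        is_dir = match.group("attrs").startswith("d")
        if path.endswith(".sys"):
            reason = "kernel driver created in the window; confirm which product installed it"
        elif is_dir and re.fullmatch(r"[a-z]:\\[^\\]+", path):
            reason = "new top-level directory; confirm it is a tool you ran"
        elif path.endswith((".exe", ".dll")) and any(p in path for p in USER_WRITABLE):
            reason = "executable dropped in a user-writable location"
        else:
            continue
        out.append(Finding("Created Last 30", line, reason))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run all review rules over a DDS log and return the findings."""
    sections = split_sections(log_text)
    findings = review_hjt(sections.get("Pseudo HJT Report", []))
    findings += review_created(sections.get("Created Last 30", []))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```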



#2 EPWNeedsHelp

  • Topic Starter

  • Members
  • 8 posts

Posted 22 January 2010 - 12:25 AM

Just wanted to give some updated information in regard to my infection. I have attempted to use System Restore, but upon rebooting an error is generated saying the system restore failed. I also seem to have lost the ability to connect to the internet using either IE or Firefox, but occasionally browser windows will pop open and attempt to browse to rivalnetwork.cn or some such site, but these inevitably fail to connect. Not sure if this information is of any use, but anything to help you help me.


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multi-post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 22 January 2010 - 09:22 AM.


#3 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts

Posted 25 January 2010 - 09:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#4 EPWNeedsHelp

  • Topic Starter

  • Members
  • 8 posts

Posted 25 January 2010 - 08:25 PM

Myrti,
Thank you for getting back to me. I am happy to say that I believe I am making progress in ridding myself of this infection. However, I am not confident that I have beaten it, and it has been quite difficult, so I would love to know for sure that I am rid of it. For your information, I believe that I was infected on Jan 13, 2010. First I was having trouble with IE and multiple windows would pop open and take me to sites advertising virus removal software. Then pornography links were placed on the desktop. At that point I attempted to clean things and was unable to run AVG or Malwarebytes, and IE would not work at all. Since then I have attempted to run scans in safe mode and I have used rkill and RootRepeal to try and fix things. The virus, as far as I can tell, is rootkit.tdss, and I think that by running RootRepeal in safe mode I was able to remove the driver and was then finally able to find and remove some files using Malwarebytes. I also have purchased and installed Norton 360 on my computer in the past couple of days (actually the computer is my mother's and she purchased and installed Norton against my wishes).

Here are the two logs produced by OTL:

OTL logfile created on: 1/25/2010 8:03:42 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Martina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 202.87 Gb Free Space | 70.83% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.59 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 294.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 218.63 Gb Free Space | 93.90% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 62.04 Mb Total Space | 9.93 Mb Free Space | 16.00% Space Free | Partition Type: FAT

Computer Name: MARTINA-PC
Current User Name: Martina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/25 20:02:25 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Downloads\OTL.exe
PRC - [2010/01/24 07:39:46 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2010/01/15 22:09:37 | 00,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/09 10:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/09/27 01:51:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/09/04 06:34:46 | 00,403,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2008/07/16 05:25:20 | 00,094,208 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\KBD\kbd.exe
PRC - [2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 21:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/04/18 10:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/25 20:02:25 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/24 07:39:46 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/09 10:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/27 01:51:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/09/04 06:34:46 | 00,403,968 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/02/23 14:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/24 14:56:39 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/24 10:34:16 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100125.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/01/24 10:34:16 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/01/24 10:34:16 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/24 10:34:16 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100125.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/24 07:39:47 | 00,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\ccHPx86.sys -- (ccHP)
DRV - [2010/01/24 07:39:47 | 00,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\SYMEFA.SYS -- (SymEFA)
DRV - [2010/01/24 07:39:47 | 00,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/24 07:39:47 | 00,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/01/24 07:39:47 | 00,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/24 07:39:47 | 00,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/24 07:39:47 | 00,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/01/24 07:39:47 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0305020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/01/24 07:39:47 | 00,026,600 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/01/24 07:39:47 | 00,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/10/28 17:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/05/19 12:34:47 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/27 01:51:00 | 07,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/24 12:31:06 | 02,171,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/10 07:48:20 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 07:47:18 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/10 07:46:22 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 06:34:34 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 07:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 11:12:50 | 00,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 11:12:22 | 00,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 04:39:34 | 00,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:49 | 00,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:27 | 00,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/18 19:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/19 09:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/12 12:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3270381449-1547458226-2771678256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3270381449-1547458226-2771678256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3270381449-1547458226-2771678256-1000\S-1-5-21-3270381449-1547458226-2771678256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 23:14:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 23:14:09 | 00,000,000 | ---D | M]

[2010/01/21 23:14:20 | 00,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\Mozilla\Extensions
[2010/01/21 23:14:20 | 00,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\op012v74.default\extensions
[2010/01/25 17:45:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/13 21:45:59 | 00,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3270381449-1547458226-2771678256-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3270381449-1547458226-2771678256-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\thecleaner.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3270381449-1547458226-2771678256-1000\..Trusted Domains: residensealtd.com ([rseavpn] https in Trusted sites)
O15 - HKU\S-1-5-21-3270381449-1547458226-2771678256-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://rseavpn.residensealtd.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://rseavpn.residensealtd.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/07 23:41:20 | 00,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\{786add47-c15a-11de-8f8d-00248c079e09}\Shell\AutoRun\command - "" = L:\WDSetup.exe -- File not found
O33 - MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDStart.exe -- File not found
O33 - MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\Shell\Install\Command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{f8ff01fb-0663-11de-b1c0-00248c079e09}\Shell\AutoRun\command - "" = M:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CDStart.exe -- File not found
O33 - MountPoints2\E\Shell\Install\Command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/25 07:40:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2010/01/24 15:12:15 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Support
[2010/01/24 15:02:15 | 00,000,000 | ---D | C] -- C:\Users\Martina\Documents\Symantec
[2010/01/24 14:57:09 | 00,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/01/24 14:57:09 | 00,026,600 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010/01/24 07:40:16 | 00,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010/01/24 07:40:12 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/24 07:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/01/24 07:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/01/24 07:39:47 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\cchpx86.sys
[2010/01/24 07:39:47 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.sys
[2010/01/24 07:39:47 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.sys
[2010/01/24 07:39:47 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2010/01/24 07:39:47 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symtdi.sys
[2010/01/24 07:39:47 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symfw.sys
[2010/01/24 07:39:47 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndisv.sys
[2010/01/24 07:39:47 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.sys
[2010/01/24 07:39:47 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndis.sys
[2010/01/24 07:39:47 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symids.sys
[2010/01/24 07:39:32 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/01/24 07:39:32 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0305020.00B
[2010/01/24 07:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/01/24 07:38:23 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/01/23 13:55:36 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Symantec
[2010/01/23 13:49:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/01/23 09:18:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/23 09:18:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/23 09:18:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/23 08:44:09 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Martina\Desktop\mbam-setup.exe
[2010/01/22 00:06:58 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/21 23:50:33 | 00,000,000 | ---D | C] -- C:\Users\Martina\Desktop\tools
[2010/01/21 23:14:14 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Mozilla
[2010/01/21 23:14:14 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Mozilla
[2010/01/21 23:14:08 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/21 22:51:51 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/01/21 22:51:51 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 22:51:51 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 22:51:51 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/01/21 22:30:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/01/21 22:29:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/01/21 07:59:14 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/01/21 07:59:14 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/01/21 07:59:09 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\PC Tools
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/18 15:36:29 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/15 23:54:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/14 07:42:03 | 00,000,000 | ---D | C] -- C:\Users\Martina\Desktop\DVD_VIDEO_RECORDER
[2010/01/13 11:20:36 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 11:20:36 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 23:22:27 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Malwarebytes
[2010/01/12 14:45:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/01/12 14:45:09 | 00,000,000 | ---D | C] -- C:\Users\Martina\Office Genuine Advantage
[2010/01/12 14:35:29 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/11 19:34:35 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/05/19 12:34:47 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Martina\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/01/25 20:03:16 | 02,883,584 | -HS- | M] () -- C:\Users\Martina\NTUSER.DAT
[2010/01/25 19:44:26 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/25 19:44:26 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/25 19:00:46 | 01,855,728 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\Cat.DB
[2010/01/25 17:50:54 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/25 17:50:54 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/25 17:50:54 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/25 17:44:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/25 17:44:23 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/25 17:44:03 | 30,853,69344 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/25 15:47:26 | 00,524,288 | -HS- | M] () -- C:\Users\Martina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/25 15:47:26 | 00,065,536 | -HS- | M] () -- C:\Users\Martina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/25 15:47:07 | 02,096,440 | -H-- | M] () -- C:\Users\Martina\AppData\Local\IconCache.db
[2010/01/24 15:16:14 | 16,369,3331 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/24 15:01:40 | 00,000,898 | ---- | M] () -- C:\ProgramData\h8srtkrl32mainweq.dll
[2010/01/24 14:56:39 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/24 14:56:39 | 00,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/24 14:56:39 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/24 14:56:37 | 00,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/01/24 12:26:20 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2010/01/24 12:24:02 | 00,464,491 | ---- | M] () -- C:\Users\Martina\Desktop\RootRepeal.zip
[2010/01/24 11:23:23 | 11,408,50688 | -HS- | M] () -- C:\NRTPage.sys
[2010/01/24 07:39:47 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\cchpx86.sys
[2010/01/24 07:39:47 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.sys
[2010/01/24 07:39:47 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.sys
[2010/01/24 07:39:47 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2010/01/24 07:39:47 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symtdi.sys
[2010/01/24 07:39:47 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symfw.sys
[2010/01/24 07:39:47 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndisv.sys
[2010/01/24 07:39:47 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.sys
[2010/01/24 07:39:47 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndis.sys
[2010/01/24 07:39:47 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symids.sys
[2010/01/24 07:39:47 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010/01/24 07:39:47 | 00,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010/01/24 07:39:43 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/01/24 07:39:38 | 00,003,373 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.inf
[2010/01/24 07:39:38 | 00,001,752 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2010/01/24 07:39:38 | 00,001,562 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010/01/24 07:39:38 | 00,001,561 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.inf
[2010/01/24 07:39:38 | 00,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.inf
[2010/01/24 07:39:38 | 00,001,382 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.inf
[2010/01/24 07:39:38 | 00,000,640 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2010/01/24 07:39:38 | 00,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\isolate.ini
[2010/01/24 07:39:32 | 00,009,412 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\symnetv.cat
[2010/01/24 07:39:32 | 00,009,402 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.cat
[2010/01/24 07:39:32 | 00,007,431 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.cat
[2010/01/24 07:39:32 | 00,007,429 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.cat
[2010/01/24 07:39:32 | 00,007,425 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.cat
[2010/01/24 07:39:32 | 00,007,400 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2010/01/24 07:39:32 | 00,007,383 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2010/01/23 09:18:14 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 08:36:46 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Martina\Desktop\mbam-setup.exe
[2010/01/23 08:26:55 | 00,001,012 | ---- | M] () -- C:\ProgramData\h8srtmainqt.dll
[2010/01/21 23:32:41 | 05,292,054 | ---- | M] () -- C:\Users\Martina\Desktop\New Bitmap Image.bmp
[2010/01/21 23:14:10 | 00,001,686 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/21 22:45:13 | 00,007,052 | ---- | M] () -- C:\Users\Martina\AppData\Local\d3d9caps.dat
[2010/01/21 07:59:13 | 00,001,721 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/17 22:03:18 | 00,000,000 | ---- | M] () -- C:\Users\Martina\Desktop\settings.dat
[2010/01/15 23:24:13 | 00,421,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/15 22:44:46 | 00,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2010/01/13 21:45:59 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/12 14:45:10 | 00,069,120 | ---- | M] () -- C:\Users\Martina\Documents\gust list 11.09.xls
[2010/01/12 09:13:23 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/02 16:02:26 | 00,195,355 | ---- | M] () -- C:\Users\Martina\Desktop\eCompanionClassSetupFormV1g.pdf

========== Files Created - No Company Name ==========

[2010/01/25 01:09:53 | 30,853,69344 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 15:18:07 | 00,464,491 | ---- | C] () -- C:\Users\Martina\Desktop\RootRepeal.zip
[2010/01/24 12:26:20 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2010/01/24 08:54:10 | 01,855,728 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\Cat.DB
[2010/01/24 07:40:12 | 00,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/24 07:40:12 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/24 07:39:52 | 00,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/01/24 07:39:38 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.inf
[2010/01/24 07:39:38 | 00,001,752 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2010/01/24 07:39:38 | 00,001,562 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010/01/24 07:39:38 | 00,001,561 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.inf
[2010/01/24 07:39:38 | 00,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.inf
[2010/01/24 07:39:38 | 00,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.inf
[2010/01/24 07:39:38 | 00,000,640 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2010/01/24 07:39:38 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\isolate.ini
[2010/01/24 07:39:32 | 00,009,412 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\symnetv.cat
[2010/01/24 07:39:32 | 00,009,402 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.cat
[2010/01/24 07:39:32 | 00,007,431 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.cat
[2010/01/24 07:39:32 | 00,007,429 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.cat
[2010/01/24 07:39:32 | 00,007,425 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.cat
[2010/01/24 07:39:32 | 00,007,400 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2010/01/24 07:39:32 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2010/01/24 01:44:02 | 11,408,50688 | -HS- | C] () -- C:\NRTPage.sys
[2010/01/23 09:18:14 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 08:26:55 | 00,001,012 | ---- | C] () -- C:\ProgramData\h8srtmainqt.dll
[2010/01/21 23:32:16 | 05,292,054 | ---- | C] () -- C:\Users\Martina\Desktop\New Bitmap Image.bmp
[2010/01/21 23:14:10 | 00,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/21 07:59:14 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/01/21 07:59:14 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/01/21 07:59:13 | 00,001,721 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/21 07:59:09 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/01/21 07:29:00 | 00,000,898 | ---- | C] () -- C:\ProgramData\h8srtkrl32mainweq.dll
[2010/01/17 22:03:18 | 00,000,000 | ---- | C] () -- C:\Users\Martina\Desktop\settings.dat
[2010/01/12 14:35:24 | 16,369,3331 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/12 09:13:23 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 16:02:25 | 00,195,355 | ---- | C] () -- C:\Users\Martina\Desktop\eCompanionClassSetupFormV1g.pdf
[2009/10/11 08:18:56 | 00,024,206 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\UserTile.png
[2009/09/17 00:28:17 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/19 12:35:12 | 00,000,034 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\pcouffin.log
[2009/05/19 12:34:47 | 00,081,920 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\ezpinst.exe
[2009/05/19 12:34:47 | 00,007,176 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\pcouffin.cat
[2009/05/19 12:34:47 | 00,001,144 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\pcouffin.inf
[2009/03/13 06:36:57 | 00,007,052 | ---- | C] () -- C:\Users\Martina\AppData\Local\d3d9caps.dat
[2009/03/12 18:20:47 | 00,016,896 | ---- | C] () -- C:\Users\Martina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 17:20:59 | 00,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/03/01 19:54:43 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/24 21:15:36 | 00,002,284 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\wklnhst.dat
[2009/02/24 21:03:34 | 00,000,030 | ---- | C] () -- C:\Windows\System32\wincon.ini
[2009/02/24 21:03:33 | 00,181,760 | ---- | C] () -- C:\Windows\System32\PATCHW32.DLL
[2008/11/06 18:57:10 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/06 18:57:10 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >


OTL Extras logfile created on: 1/25/2010 8:03:42 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Martina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 202.87 Gb Free Space | 70.83% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.59 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 294.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 218.63 Gb Free Space | 93.90% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 62.04 Mb Total Space | 9.93 Mb Free Space | 16.00% Space Free | Partition Type: FAT

Computer Name: MARTINA-PC
Current User Name: Martina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3270381449-1547458226-2771678256-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021247EB-AB91-46AE-905F-907C77201A2A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{02EBC362-5220-4F23-89D3-943B1D424674}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0AB3B0AF-5520-4FE1-9B24-0B9F2F08511D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11654400-4DD1-4995-8D02-788D0E425E9B}" = rport=137 | protocol=17 | dir=out | app=system |
"{15FA3C4F-BCF2-4035-9963-B39E127654D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29D8BF58-3590-4131-81FB-22BCE6175FF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A8EF956-26BC-4647-A525-FB62ED14E1BD}" = lport=138 | protocol=17 | dir=in | app=system |
"{3013D260-A002-4809-9D3C-ED54196918A5}" = lport=10244 | protocol=6 | dir=in | app=system |
"{35811DC2-3ED9-4746-A9CC-F979EE472754}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{37F37406-4BFB-47F3-8A9F-E61DA6508D1E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4569636E-76B9-4D64-80A9-2DE477FDDE1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4CBE7056-27EA-40EA-ADC4-6E4B2F5F2CC5}" = lport=10244 | protocol=6 | dir=in | app=system |
"{5AAE8AC6-082B-41F6-AF7E-5843DB2B4B3A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75F0080C-8031-48B2-B780-2F8746CDE7C2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{7B3162B1-E249-41BB-8E21-1896D9380BAC}" = rport=445 | protocol=6 | dir=out | app=system |
"{83C43931-7909-46A1-A41F-26E3D1CFF634}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EE48258-16C3-4F9B-A00A-87A2E64C4B38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97570FE9-D031-47C4-9AFF-D861D6900155}" = lport=139 | protocol=6 | dir=in | app=system |
"{A251F058-00A7-436B-A05C-50E58BF5ADC2}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A76FD743-49F9-4681-81BE-33EB41008FED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB218F71-7EC9-4CE1-A8D8-08C33FCFB9CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC05AB83-00FD-4C48-9646-34CDBD88EB4E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ADF8CF97-4F01-4801-97F5-5A03A6F433FF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AECAF152-BA43-45A3-AA05-2569E815BC83}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAB7C6D0-25E5-429B-A32A-BC43C6E1B566}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC6FB178-37A6-4724-982D-01A4B169C99B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BD671EA6-7E83-47D1-AB51-22A4F520D0A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{C8F7314E-214F-4581-8DEE-6780AEB8375D}" = rport=138 | protocol=17 | dir=out | app=system |
"{D104FF24-4925-4A89-BB80-758F185E6825}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DE922213-4C65-4A93-9FA8-3067C72D6F31}" = rport=139 | protocol=6 | dir=out | app=system |
"{DEB13045-5257-4FCA-8A5E-75C5BE0CA948}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC236270-ABE4-4193-86DF-2AE203DE62EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F49B83CD-3031-45F7-A287-9AACC0B72E5D}" = rport=10244 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A9DD8B-E0D7-4078-AD49-B61A22F1D0DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-enus-trial-downloader.exe |
"{0C4934C8-4D61-4F6D-9B5B-B95D4A1F9CF8}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{0C8C7EE8-2E6D-42E3-909C-B4BC36D1E4B4}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{1005B5F9-96FD-462B-97A9-8EA1BF3982FB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-enus-trial-downloader.exe |
"{10222B88-DAE1-420F-9707-9BC429A2911D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{20B828C0-0242-4F60-9253-355F54691618}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{23A5EE76-A761-4C46-B7B2-9D5C5308D19F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{2841569A-0182-4FF9-9E91-4BDDA596AEFF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2A9CFFD0-37B8-4742-B828-1C9AF7294D96}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2E04A711-6400-4852-A9A6-EF334E9D5A83}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{3657A2E9-52BE-4F47-96FA-DCB5AA032C3C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3A6EDA17-6893-41CC-BC2E-519145F48B7B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{3ED01A3F-7DAA-4BA2-B9A9-3C8F4314B558}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{4805B660-3663-487B-ABD4-01B5B8401464}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{485C45A6-3D9F-4D1F-9DE8-101E00D209B9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4C55C698-152E-4943-BF5A-B8A0A602CA90}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4DEF756F-D199-4A38-9E21-839E89A0AF30}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{592FF9FA-3B5A-4306-8514-D5F78A9933CD}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\7zsd67e.tmp\symnrt.exe |
"{5DEFBEC8-250F-459D-8F09-57748C541C60}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{623A7D36-98E6-4439-A262-DDC77F04CCA8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{64F022E0-AEF7-438B-B15E-7AC0AB2A5D3C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{653A1E8E-4532-4B05-8AA2-2841751616CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{673B9BCD-47BB-4CC1-A93D-CC572DD19D71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{68BE007B-0ECA-477D-8276-91AEA93A60D5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6A31F05F-4F4F-4E6E-819A-362C3716679D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{758F57ED-1058-4225-86E6-00955F9B8A81}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7F4CAA59-5780-4D34-BFD4-ED80235D3D04}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{9FFBDF78-EF41-4A77-AD77-337C5AD88F0B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A2120952-E198-451B-B3E4-83CE239808EE}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A77DF239-FCB2-4747-824F-C0C65F26846F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{A89355CA-092A-40E7-BF13-14030092BEF9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{AEAC3628-FF8C-4895-ABA9-582E825148EE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{B8523CDC-0B05-40AB-ABAF-83F6498BFEF3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{BAD9691E-E03C-4C96-959B-93E86FBE2E7F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BDCCEA4F-9D4F-47DA-B9F1-491D2BEBD57B}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\7zsd67e.tmp\symnrt.exe |
"{C9C45907-9385-4F5E-9001-459967332273}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CFC25477-F82A-4B69-9753-529FCE9A6561}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{E8794D97-4681-400F-8B6F-BFEA02B552AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EB3ABB93-93FD-4700-AFEF-32CF1041076F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F986E74E-A526-43AB-A7F6-62338F0C44E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FD0C3760-113D-4A18-9B86-74EA012D0856}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"TCP Query User{17B1D242-3AC8-4BB4-A5F7-BB4BB4C80593}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B172DE50-960E-432A-BB2E-244A19C78BC4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F8250788-A009-418C-8793-44C49D27EE2C}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{18685933-A6F8-4C77-84A3-52780859D191}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{749CB981-4EE9-44D7-A40D-F808AA62574B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F7FA74FD-6E7C-425C-BD14-670DEBE4C4CA}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2E8BDDE-6F1B-4A5D-870D-2748DA79360C}" = Toolkit 6
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFE637-E44E-4648-9183-D77E9F48F9F1}" = Graphical Analysis 3.2
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Extra DVD Copy Free_is1" = Extra DVD Copy Free 4.53
"Extra DVD Copy_is1" = Extra DVD Copy 6.6
"IncrediMail" = IncrediMail
"InfraRecorder" = InfraRecorder
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"sp41099" = sp41099
"Spyware Doctor" = Spyware Doctor 7.0
"Upromise TurboSaver" = Upromise TurboSaver (remove only)
"West_Point_Bridge_Designer_2007" = West Point Bridge Designer 2007
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3270381449-1547458226-2771678256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2010 3:23:03 AM | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 1/24/2010 3:23:07 AM | Computer Name = Martina-PC | Source = SPP | ID = 16387
Description =

Error - 1/24/2010 3:23:07 AM | Computer Name = Martina-PC | Source = System Restore | ID = 8193
Description =

Error - 1/24/2010 3:23:07 AM | Computer Name = Martina-PC | Source = System Restore | ID = 8210
Description =

Error - 1/24/2010 8:35:18 AM | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/24/2010 9:13:56 AM | Computer Name = Martina-PC | Source = Application Error | ID = 1000
Description = Faulting application pctsGui.exe, version 7.0.0.514, time stamp 0x4b0c95da,
faulting module pctsGui.exe, version 7.0.0.514, time stamp 0x4b0c95da, exception
code 0x80000003, fault offset 0x001742e8, process id 0xe50, application start time
0x01ca9cf714980ead.

Error - 1/24/2010 9:16:14 AM | Computer Name = Martina-PC | Source = Application Hang | ID = 1002
Description = The program SETUP.EXE version 3.5.2.11 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 44c Start Time: 01ca9cf21ddfd3dd Termination Time: 60000

Error - 1/24/2010 9:16:25 AM | Computer Name = Martina-PC | Source = Application Hang | ID = 1002
Description = The program werfault.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 51c Start Time: 01ca9cf73203f2bd Termination Time: 60000

Error - 1/24/2010 9:44:13 AM | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/24/2010 9:55:48 AM | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/18/2009 11:14:34 PM | Computer Name = Martina-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/19/2009 5:06:17 AM | Computer Name = Martina-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/25/2010 12:52:39 AM | Computer Name = Martina-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/25/2010 12:52:39 AM | Computer Name = Martina-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/25/2010 12:52:39 AM | Computer Name = Martina-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/25/2010 12:52:39 AM | Computer Name = Martina-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/25/2010 12:52:39 AM | Computer Name = Martina-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/25/2010 12:52:39 AM | Computer Name = Martina-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/25/2010 12:52:39 AM | Computer Name = Martina-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 1/25/2010 2:09:56 AM | Computer Name = Martina-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:52:38 PM on 1/24/2010 was unexpected.

Error - 1/25/2010 2:10:23 AM | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/25/2010 6:44:50 PM | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Thank you again for your help,
Erik

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:52 AM

Posted 25 January 2010 - 08:41 PM

Hi,

Please give a description of the remaining symptoms, or is the PC behaving normally at the moment?
Judging from the leftovers in the logs, it is (or was) indeed the latest variant of the TDSS rootkit that you removed.

Please also provide a log from gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 EPWNeedsHelp

EPWNeedsHelp
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 25 January 2010 - 10:53 PM

Hi,
I would say that it appears that everything is working as it should again, but I have not really had the chance to give the computer a real workout. The gmer program did freeze up during the scan in normal mode, so I had to run it in safe mode; I don't know what that says about the current state of my system. My biggest concern is getting any remnants off my system and then fixing whatever security holes there are that made the infection possible in the first place. Multiple people use this computer, which is going to make it more susceptible, but I think there still must be something I can do to make it a little safer. Here is the log produced by gmer; I'm not really sure about anything that it found.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-25 22:35:12
Windows 6.0.6002 Service Pack 2
Running: u68dm4wl.exe; Driver: C:\Users\Martina\AppData\Local\Temp\pgldifow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74AD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B2A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74ADBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74ACF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74AD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74ACE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B08395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74ADDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74ACFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74ACFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74AC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74B5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74AFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74ACD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74AC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74AC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74AD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


And as always a BIG THANK YOU,
Erik

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:52 AM

Posted 26 January 2010 - 02:08 AM

Hi,

The log from gmer looks clean, so the rootkit definitely is disabled.

There are however a couple of files left I would like you to remove:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O33 - MountPoints2\{786add47-c15a-11de-8f8d-00248c079e09}\Shell\AutoRun\command - "" = L:\WDSetup.exe -- File not found
    O33 - MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDStart.exe -- File not found
    O33 - MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\Shell\Install\Command - "" = E:\Setup.exe -- File not found
    O33 - MountPoints2\{f8ff01fb-0663-11de-b1c0-00248c079e09}\Shell\AutoRun\command - "" = M:\setupSNK.exe -- File not found
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CDStart.exe -- File not found
    O33 - MountPoints2\E\Shell\Install\Command - "" = E:\Setup.exe -- File not found
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
    [2010/01/23 08:26:55 | 00,001,012 | ---- | C] () -- C:\ProgramData\h8srtmainqt.dll
    [2010/01/21 07:29:00 | 00,000,898 | ---- | C] () -- C:\ProgramData\h8srtkrl32mainweq.dll
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Afterwards please run an updated scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

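One way to triage the O33 - MountPoints2 lines that the fix above targets, as an added example that is not part of OTL or of the original post: the script below parses lines in OTL's O33 format, separates AutoRun handlers whose target file OTL reports as missing (orphaned entries like the ones removed above) from handlers that still point at an existing file, and lists which volumes have AutoRun set as their default Explorer verb. The sample input is the page's own O33 entries plus one constructed "live" entry with a made-up volume GUID; the ` -- File not found` suffix is taken from the log lines above, and the class and function names are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Added example, not OTL's own code: triage "O33 - MountPoints2" lines from an OTL log.
# MountPoints2 is where Explorer caches the AutoRun handler of every volume it has
# seen (taken from the media's autorun.inf). A stale handler pointing at a file that
# no longer exists is clutter; a handler whose target still exists deserves a look.

# Sample input: O33 lines quoted from the log above, plus one constructed "live" entry
# (made-up volume GUID, no "-- File not found" suffix) to exercise the other branch.
SAMPLE_LOG = r"""
O33 - MountPoints2\{786add47-c15a-11de-8f8d-00248c079e09}\Shell\AutoRun\command - "" = L:\WDSetup.exe -- File not found
O33 - MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CDStart.exe -- File not found
O33 - MountPoints2\E\Shell\Install\Command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{c0ffee00-0000-4000-8000-000000000001}\Shell\AutoRun\command - "" = F:\autorun\start.exe ()
"""

# One O33 line: volume (drive letter or GUID), subkey path, quoted value name,
# the data, and OTL's optional marker for a command target that is not on disk.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<subkey>.+?) - "(?P<value>[^"]*)" = '
    r'(?P<data>.*?)(?P<missing> -- File not found)?$'
)


@dataclass(frozen=True)
class MountPointEntry:
    volume: str           # drive letter or volume GUID under MountPoints2
    subkey: str           # e.g. "Shell" or "Shell\AutoRun\command"
    data: str             # "AutoRun" for a Shell default, otherwise the command line
    target_missing: bool  # True when OTL appended "-- File not found"

    @property
    def is_command(self) -> bool:
        """Only ...\\command subkeys hold something Explorer would actually launch."""
        return self.subkey.lower().endswith("\\command")


def parse_o33(log_text: str) -> list[MountPointEntry]:
    """Parse every O33 line in an OTL log; lines in any other format are skipped."""
    entries: list[MountPointEntry] = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m is None:
            continue
        entries.append(MountPointEntry(
            volume=m["volume"],
            subkey=m["subkey"],
            data=m["data"],
            target_missing=m["missing"] is not None,
        ))
    return entries


def triage(entries: list[MountPointEntry]) -> tuple[list[MountPointEntry], list[MountPointEntry]]:
    """Split command entries into (orphaned, live): target gone vs. target still present."""
    commands = [e for e in entries if e.is_command]
    orphaned = [e for e in commands if e.target_missing]
    live = [e for e in commands if not e.target_missing]
    return orphaned, live


def volumes_with_autorun_default(entries: list[MountPointEntry]) -> set[str]:
    """Volumes whose Shell default verb is AutoRun, so opening the drive in Explorer
    runs the cached command instead of browsing the volume."""
    return {e.volume for e in entries
            if e.subkey.lower() == "shell" and e.data == "AutoRun"}


if __name__ == "__main__":
    parsed = parse_o33(SAMPLE_LOG)
    gone, present = triage(parsed)
    print(f"{len(parsed)} O33 entries parsed")
    for e in gone:
        print(f"orphaned: {e.volume}\\{e.subkey} -> {e.data}")
    for e in present:
        print(f"LIVE (inspect target): {e.volume}\\{e.subkey} -> {e.data}")
    print("AutoRun is the default verb for:", sorted(volumes_with_autorun_default(parsed)))
```

The orphaned list reproduces what the fix above removes; the live list is where a helper would spend attention, since those handlers still launch something when the matching media is opened.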


#8 EPWNeedsHelp

EPWNeedsHelp
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 26 January 2010 - 08:44 PM

Hello Myrti,
Things seem to be running pretty smoothly. I was able to run the scans without any trouble, which is a huge improvement from just days ago.
Here are the three logs from OTL and MBAM.

-----OTL LOG #1-----

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{786add47-c15a-11de-8f8d-00248c079e09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{786add47-c15a-11de-8f8d-00248c079e09}\ not found.
File L:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{984ef1f3-0753-11de-b70b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{984ef1f3-0753-11de-b70b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{984ef1f3-0753-11de-b70b-806e6f6e6963}\ not found.
File L:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\ not found.
File E:\CDStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d10df00a-eceb-11dd-85a5-806e6f6e6963}\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ff01fb-0663-11de-b1c0-00248c079e09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ff01fb-0663-11de-b1c0-00248c079e09}\ not found.
File M:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\CDStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe not found.
C:\ProgramData\h8srtmainqt.dll moved successfully.
C:\ProgramData\h8srtkrl32mainweq.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martina
->Temp folder emptied: 14885852 bytes
->Temporary Internet Files folder emptied: 13841986 bytes
->Java cache emptied: 50159205 bytes
->FireFox cache emptied: 48062989 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 89674 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6933720 bytes

Total Files Cleaned = 128.00 mb


OTL by OldTimer - Version 3.1.26.0 log created on 01262010_201506

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETFB7D.tmp not found!

Registry entries deleted on Reboot...

-----OTL LOG #2-----

OTL logfile created on: 1/26/2010 8:22:20 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Martina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 203.10 Gb Free Space | 70.91% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.59 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 294.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 218.63 Gb Free Space | 93.90% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 62.04 Mb Total Space | 9.93 Mb Free Space | 16.00% Space Free | Partition Type: FAT

Computer Name: MARTINA-PC
Current User Name: Martina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Martina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Hewlett-Packard\KBD\kbd.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Users\Martina\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (XAudioService) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100126.004\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100126.004\NAVENG.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0305020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0305020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0305020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\system32\drivers\N360\0305020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\system32\drivers\N360\0305020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\system32\drivers\N360\0305020.00B\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0305020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys (Symantec Corporation)
DRV - (pcouffin) -- C:\Windows\System32\drivers\pcouffin.sys (VSO Software)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (StillCam) -- C:\Windows\System32\drivers\serscan.sys (Microsoft Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 23:14:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 23:14:09 | 00,000,000 | ---D | M]

[2010/01/21 23:14:20 | 00,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\Mozilla\Extensions
[2010/01/21 23:14:20 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Martina\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/21 23:14:20 | 00,000,000 | ---D | M] -- C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\op012v74.default\extensions
[2010/01/26 20:19:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/21 23:14:09 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/15 22:09:51 | 00,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/15 22:09:52 | 00,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/15 22:09:53 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/01/15 19:13:03 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 19:13:03 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/15 19:13:03 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 19:13:03 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 19:13:03 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/24 14:59:41 | 00,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
[2010/01/15 19:13:03 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 19:13:03 | 00,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/01/13 21:45:59 | 00,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\thecleaner.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: residensealtd.com ([rseavpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://rseavpn.residensealtd.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://rseavpn.residensealtd.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/07 23:41:20 | 00,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/26 20:15:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/25 07:40:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2010/01/24 15:12:15 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Support
[2010/01/24 15:02:15 | 00,000,000 | ---D | C] -- C:\Users\Martina\Documents\Symantec
[2010/01/24 14:57:09 | 00,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/01/24 14:57:09 | 00,026,600 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010/01/24 07:40:16 | 00,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010/01/24 07:40:12 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/24 07:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/01/24 07:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/01/24 07:39:47 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\cchpx86.sys
[2010/01/24 07:39:47 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.sys
[2010/01/24 07:39:47 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.sys
[2010/01/24 07:39:47 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2010/01/24 07:39:47 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symtdi.sys
[2010/01/24 07:39:47 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symfw.sys
[2010/01/24 07:39:47 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndisv.sys
[2010/01/24 07:39:47 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.sys
[2010/01/24 07:39:47 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndis.sys
[2010/01/24 07:39:47 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symids.sys
[2010/01/24 07:39:32 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/01/24 07:39:32 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0305020.00B
[2010/01/24 07:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/01/24 07:38:23 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/01/23 13:55:36 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Symantec
[2010/01/23 13:49:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/01/23 09:18:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/23 09:18:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/23 09:18:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/23 08:44:09 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Martina\Desktop\mbam-setup.exe
[2010/01/22 00:06:58 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/21 23:50:33 | 00,000,000 | ---D | C] -- C:\Users\Martina\Desktop\tools
[2010/01/21 23:14:14 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Mozilla
[2010/01/21 23:14:14 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Local\Mozilla
[2010/01/21 23:14:08 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/21 22:51:51 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/01/21 22:51:51 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 22:51:51 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 22:51:51 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/01/21 22:30:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/01/21 22:29:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/01/21 07:59:14 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/01/21 07:59:14 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/01/21 07:59:09 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\PC Tools
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/21 07:59:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/18 15:36:29 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/15 23:54:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/14 07:42:03 | 00,000,000 | ---D | C] -- C:\Users\Martina\Desktop\DVD_VIDEO_RECORDER
[2010/01/13 11:20:36 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 11:20:36 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 23:22:27 | 00,000,000 | ---D | C] -- C:\Users\Martina\AppData\Roaming\Malwarebytes
[2010/01/12 14:45:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/01/12 14:45:09 | 00,000,000 | ---D | C] -- C:\Users\Martina\Office Genuine Advantage
[2010/01/12 14:35:29 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/11 19:34:35 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/05/19 12:34:47 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Martina\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/01/26 20:21:58 | 02,883,584 | -HS- | M] () -- C:\Users\Martina\NTUSER.DAT
[2010/01/26 20:19:05 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 20:19:05 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 20:19:02 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/26 20:18:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/26 20:18:41 | 30,854,47168 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 20:15:47 | 00,524,288 | -HS- | M] () -- C:\Users\Martina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/26 20:15:47 | 00,065,536 | -HS- | M] () -- C:\Users\Martina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/26 17:39:42 | 00,036,864 | ---- | M] () -- C:\Users\Martina\Documents\Eriks list.xls
[2010/01/26 17:37:45 | 00,002,284 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\wklnhst.dat
[2010/01/26 14:24:58 | 01,855,728 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\Cat.DB
[2010/01/26 09:18:11 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/26 09:18:11 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/26 09:18:11 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/25 22:54:14 | 01,887,272 | -H-- | M] () -- C:\Users\Martina\AppData\Local\IconCache.db
[2010/01/24 15:16:14 | 16,369,3331 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/24 14:56:39 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/24 14:56:39 | 00,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/24 14:56:39 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/24 14:56:37 | 00,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/01/24 12:26:20 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2010/01/24 11:23:23 | 11,408,50688 | -HS- | M] () -- C:\NRTPage.sys
[2010/01/24 07:39:47 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\cchpx86.sys
[2010/01/24 07:39:47 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.sys
[2010/01/24 07:39:47 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.sys
[2010/01/24 07:39:47 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2010/01/24 07:39:47 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symtdi.sys
[2010/01/24 07:39:47 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symfw.sys
[2010/01/24 07:39:47 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndisv.sys
[2010/01/24 07:39:47 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.sys
[2010/01/24 07:39:47 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symndis.sys
[2010/01/24 07:39:47 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0305020.00B\symids.sys
[2010/01/24 07:39:47 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010/01/24 07:39:47 | 00,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010/01/24 07:39:43 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/01/24 07:39:38 | 00,003,373 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.inf
[2010/01/24 07:39:38 | 00,001,752 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2010/01/24 07:39:38 | 00,001,562 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010/01/24 07:39:38 | 00,001,561 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.inf
[2010/01/24 07:39:38 | 00,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.inf
[2010/01/24 07:39:38 | 00,001,382 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.inf
[2010/01/24 07:39:38 | 00,000,640 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2010/01/24 07:39:38 | 00,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\isolate.ini
[2010/01/24 07:39:32 | 00,009,412 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\symnetv.cat
[2010/01/24 07:39:32 | 00,009,402 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.cat
[2010/01/24 07:39:32 | 00,007,431 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.cat
[2010/01/24 07:39:32 | 00,007,429 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.cat
[2010/01/24 07:39:32 | 00,007,425 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.cat
[2010/01/24 07:39:32 | 00,007,400 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2010/01/24 07:39:32 | 00,007,383 | ---- | M] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2010/01/23 09:18:14 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 08:36:46 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Martina\Desktop\mbam-setup.exe
[2010/01/21 23:14:10 | 00,001,686 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/21 22:45:13 | 00,007,052 | ---- | M] () -- C:\Users\Martina\AppData\Local\d3d9caps.dat
[2010/01/21 07:59:13 | 00,001,721 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/17 22:03:18 | 00,000,000 | ---- | M] () -- C:\Users\Martina\Desktop\settings.dat
[2010/01/15 23:24:13 | 00,421,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/15 22:44:46 | 00,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2010/01/13 21:45:59 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/12 09:13:23 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/02 16:02:26 | 00,195,355 | ---- | M] () -- C:\Users\Martina\Desktop\eCompanionClassSetupFormV1g.pdf

========== Files Created - No Company Name ==========

[2010/01/25 22:41:41 | 30,854,47168 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 12:26:20 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2010/01/24 08:54:10 | 01,855,728 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\Cat.DB
[2010/01/24 07:40:12 | 00,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/24 07:40:12 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/24 07:39:52 | 00,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/01/24 07:39:38 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.inf
[2010/01/24 07:39:38 | 00,001,752 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2010/01/24 07:39:38 | 00,001,562 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010/01/24 07:39:38 | 00,001,561 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.inf
[2010/01/24 07:39:38 | 00,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.inf
[2010/01/24 07:39:38 | 00,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.inf
[2010/01/24 07:39:38 | 00,000,640 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2010/01/24 07:39:38 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\isolate.ini
[2010/01/24 07:39:32 | 00,009,412 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\symnetv.cat
[2010/01/24 07:39:32 | 00,009,402 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymNet.cat
[2010/01/24 07:39:32 | 00,007,431 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\SymEFA.cat
[2010/01/24 07:39:32 | 00,007,429 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtspx.cat
[2010/01/24 07:39:32 | 00,007,425 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\srtsp.cat
[2010/01/24 07:39:32 | 00,007,400 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2010/01/24 07:39:32 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2010/01/24 01:44:02 | 11,408,50688 | -HS- | C] () -- C:\NRTPage.sys
[2010/01/23 09:18:14 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 23:14:10 | 00,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/21 07:59:14 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/01/21 07:59:14 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/01/21 07:59:13 | 00,001,721 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/21 07:59:09 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/01/17 22:03:18 | 00,000,000 | ---- | C] () -- C:\Users\Martina\Desktop\settings.dat
[2010/01/12 14:35:24 | 16,369,3331 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/12 09:13:23 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2010/01/02 16:02:25 | 00,195,355 | ---- | C] () -- C:\Users\Martina\Desktop\eCompanionClassSetupFormV1g.pdf
[2009/10/11 08:18:56 | 00,024,206 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\UserTile.png
[2009/09/17 00:28:17 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/19 12:35:12 | 00,000,034 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\pcouffin.log
[2009/05/19 12:34:47 | 00,081,920 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\ezpinst.exe
[2009/05/19 12:34:47 | 00,007,176 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\pcouffin.cat
[2009/05/19 12:34:47 | 00,001,144 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\pcouffin.inf
[2009/03/13 06:36:57 | 00,007,052 | ---- | C] () -- C:\Users\Martina\AppData\Local\d3d9caps.dat
[2009/03/12 18:20:47 | 00,016,896 | ---- | C] () -- C:\Users\Martina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 17:20:59 | 00,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/03/01 19:54:43 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/24 21:15:36 | 00,002,284 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\wklnhst.dat
[2009/02/24 21:03:34 | 00,000,030 | ---- | C] () -- C:\Windows\System32\wincon.ini
[2009/02/24 21:03:33 | 00,181,760 | ---- | C] () -- C:\Windows\System32\PATCHW32.DLL
[2008/11/06 18:57:10 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/06 18:57:10 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

-----MBAM LOG-----

Malwarebytes' Anti-Malware 1.44
Database version: 3642
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/26/2010 8:36:27 PM
mbam-log-2010-01-26 (20-36-27).txt

Scan type: Quick Scan
Objects scanned: 112405
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MBAM found nothing during its scan, which I hope means that we have finally cleaned everything out.
Thanks for all the help,
Erik
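For readers working through an OTL log like the one above, here is an added example (not part of the thread, and not OTL's own code) of turning the "Files Created" / "Files Modified" and "Alternate Data Streams" lines into a short review list. It parses the line shape OTL uses and applies a few triage heuristics: hidden+system files in the drive root that Windows itself does not own, executables with no company name in user-writable folders, a touched hosts file, zero-byte files in System32, and any alternate data stream. The sample lines are copied from the log above; the heuristic names and thresholds are my own. A hit means "look at this", not "this is malware".

```python
"""Triage heuristics for OTL 'Files Created' / 'Files Modified' log lines.

Added example; not part of the thread and not OTL's own code. It parses the
line shape used in the log above,
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
plus the '@Alternate Data Stream - N bytes -> path' lines, and applies a few
review heuristics. A hit means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
[2010/01/25 22:41:41 | 30,854,47168 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 01:44:02 | 11,408,50688 | -HS- | C] () -- C:\NRTPage.sys
[2010/01/24 12:26:20 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2010/01/13 21:45:59 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/12 09:13:23 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/05/19 12:34:47 | 00,081,920 | ---- | C] () -- C:\Users\Martina\AppData\Roaming\ezpinst.exe
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:DFC5A2B2
"""

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx"}
USER_WRITABLE_DIRS = {"users", "programdata", "temp", "documents and settings"}
# Hidden+system files Windows itself keeps in the drive root.
KNOWN_ROOT_HS = {"hiberfil.sys", "pagefile.sys", "bootmgr", "config.sys", "io.sys", "msdos.sys"}


@dataclass
class Entry:
    when: Optional[datetime]   # None for ADS lines, which carry no timestamp
    size: int
    attrs: str                 # e.g. "----", "-HS-", "R---"
    kind: str                  # 'C' created, 'M' modified
    company: str               # '' when OTL shows no company name
    path: str
    ads: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file or ADS line; return None for headers and other text."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            # OTL groups the digits of large sizes oddly ("30,854,47168"); the digits are intact.
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"].strip(),
        )
    m = ADS_RE.match(line)
    if m:
        return Entry(None, int(m["size"]), "----", "C", "", m["path"].strip(), ads=True)
    return None


def _parts(path: str) -> List[str]:
    return [p for p in re.split(r"[\\/]+", path) if p]


def review(e: Entry) -> List[str]:
    """Names of the heuristics that fire for one entry (empty list = nothing notable)."""
    if e.ads:
        # Streams hide payloads from casual directory listings; inspect with 'dir /r'.
        return ["alternate_data_stream"]
    parts = _parts(e.path)
    lower = [p.lower() for p in parts]
    name = lower[-1] if lower else ""
    ext = name[name.rfind("."):] if "." in name else ""
    hits: List[str] = []
    # Hidden+system file sitting directly in the drive root that Windows does not own.
    if "H" in e.attrs and "S" in e.attrs and len(parts) == 2 and name not in KNOWN_ROOT_HS:
        hits.append("hidden_system_in_root")
    # Executable code with no embedded company name, in a location any user can write to.
    in_user_writable = any(d in USER_WRITABLE_DIRS for d in lower[1:-1])
    if ext in EXEC_EXTS and not e.company and in_user_writable:
        hits.append("no_company_exec_in_user_writable")
    # hosts is a classic target for redirecting AV update sites; diff it against the default.
    if lower[-3:] == ["drivers", "etc", "hosts"]:
        hits.append("hosts_file_touched")
    # Zero-byte files in System32: failed dropper writes and harmless placeholders look alike.
    if e.size == 0 and "system32" in lower:
        hits.append("zero_byte_in_system32")
    return hits


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run every heuristic over a whole log; returns (heuristic, path) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            findings.extend((h, e.path) for h in review(e))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:34} {path}")
```

Feed it a whole OTL report (`triage(open("OTL.Txt").read())`) rather than the sample; everything OTL prints that is not a file or stream line is ignored. Known-good items such as hiberfil.sys and the Malwarebytes driver produce no hits, which is the point of the whitelist and the company-name check; NRTPage.sys is flagged only because an unknown hidden+system file in the root deserves a look, and the helper in the thread did not treat it as malicious.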

#9 myrti
  • Malware Study Hall Admin

Posted 27 January 2010 - 06:46 PM

Hi,

things are looking good. Just to be safe, please run a scan with ESET as well:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#10 EPWNeedsHelp
  • Topic Starter

Posted 28 January 2010 - 10:45 PM

Hi Myrti,
Sorry that it took a little longer to complete this last step, but I was able to download and run the ESET Online Scan. It found zero infected files, which sounds like a good thing to me. What's next?

#11 myrti

Posted 29 January 2010 - 02:46 PM

Hi,

things are indeed looking good. Your logs are clean. How is the PC doing?

regards myrti



#12 EPWNeedsHelp
  • Topic Starter

Posted 29 January 2010 - 09:25 PM

Myrti,
The computer seems to be working great. I have decided to totally abandon IE, and I have done my best to make it hard to find on my parents' other computer as well. Firefox seems to be the safer route. What other steps can I take to ensure that our computers are as safe as possible?

I greatly appreciate all your help!

Thank you,
Erik

#13 myrti

Posted 29 January 2010 - 09:36 PM

Hi,
a big step towards security is updating your software:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

Then go here to check for & install updates to Microsoft applications.

Please reboot and repeat the update process until there are no more updates to install.

Let me know if you run into any trouble with this.

regards myrti

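The Java steps above end with "remove all older versions", and the note warns that the Java 6 uninstaller leaves anything before Update 10 in place. As an added example, not myrti's instructions and not a Sun/Oracle tool, here is a script that checks what is actually left: on Windows it reads the Add/Remove Programs entries from the registry Uninstall keys (the standard HKLM locations, including the Wow6432Node view on 64-bit systems), and elsewhere, or with `--sample`, it uses a constructed list in the same shape. It removes nothing; it only sorts the Java entries into the newest one to keep, older ones to remove by hand, and names it cannot parse for you to review. The sample entries and their placeholder product codes are my construction.

```python
"""List the Java runtimes still registered in Add/Remove Programs.

Added example; not from the thread or from Sun/Oracle. It reads the Uninstall
registry keys on Windows (32- and 64-bit views) and, elsewhere or with
--sample, uses a constructed list with the same fields. It removes nothing:
it prints which entries are the newest (keep), older (remove by hand through
Add/Remove Programs, or with the UninstallString shown) or unrecognised (review).
"""
import re
import sys
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, str]

# Constructed sample in the shape of Uninstall registry entries; the product codes
# in the UninstallStrings are placeholders, not real Java MSI codes.
SAMPLE_ENTRIES: List[Entry] = [
    {"DisplayName": "Java(TM) 6 Update 18", "DisplayVersion": "6.0.180",
     "UninstallString": "MsiExec.exe /X{PLACEHOLDER-JRE-6U18}"},
    {"DisplayName": "Java(TM) 6 Update 7", "DisplayVersion": "6.0.70",
     "UninstallString": "MsiExec.exe /X{PLACEHOLDER-JRE-6U7}"},
    {"DisplayName": "J2SE Runtime Environment 5.0 Update 11", "DisplayVersion": "1.5.0.110",
     "UninstallString": "MsiExec.exe /X{PLACEHOLDER-JRE-5U11}"},
    {"DisplayName": "Java 2 Runtime Environment, SE v1.4.2_03", "DisplayVersion": "1.4.2_03",
     "UninstallString": "MsiExec.exe /X{PLACEHOLDER-JRE-142}"},
    {"DisplayName": "Java DB", "DisplayVersion": "10.4.2.1",
     "UninstallString": "MsiExec.exe /X{PLACEHOLDER-JAVADB}"},
    {"DisplayName": "Adobe Reader 8.1.0", "DisplayVersion": "8.1.0",
     "UninstallString": "MsiExec.exe /X{PLACEHOLDER-READER}"},
    {"DisplayName": "Mozilla Firefox (3.5.7)", "DisplayVersion": "3.5.7",
     "UninstallString": r"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"},
]

IS_JAVA = re.compile(r"\bJ2SE\b|\bJava\b", re.IGNORECASE)
# "Java(TM) 6 Update 18", "J2SE Runtime Environment 5.0 Update 11"
NEW_STYLE = re.compile(r"\b(\d+)(?:\.0)?\s+Update\s+(\d+)\b", re.IGNORECASE)
# "Java 2 Runtime Environment, SE v1.4.2_03" (pre-5.0 naming)
OLD_STYLE = re.compile(r"\bv?1\.(\d)(?:\.\d+)?_(\d+)\b")


def java_version(display_name: str) -> Optional[Tuple[int, int]]:
    """Map an entry name to (Java SE major, update number); None if unrecognised."""
    m = NEW_STYLE.search(display_name) or OLD_STYLE.search(display_name)
    return (int(m.group(1)), int(m.group(2))) if m else None


def plan(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Sort Java entries into keep (newest), remove (older) and review (unparsed)."""
    java = [e for e in entries if IS_JAVA.search(e.get("DisplayName", ""))]
    versions = [java_version(e["DisplayName"]) for e in java]
    known = [v for v in versions if v is not None]
    newest = max(known) if known else None
    result: Dict[str, List[Entry]] = {"keep": [], "remove": [], "review": []}
    for e, v in zip(java, versions):
        bucket = "review" if v is None else ("keep" if v == newest else "remove")
        result[bucket].append(e)
    return result


def read_uninstall_entries() -> List[Entry]:
    """Windows only: read DisplayName/DisplayVersion/UninstallString from the registry."""
    import winreg  # standard library, present only on Windows
    roots = [r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
             r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"]
    entries: List[Entry] = []
    for root in roots:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root)
        except OSError:            # 32-bit Windows has no Wow6432Node view
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                    entry: Entry = {}
                    for field in ("DisplayName", "DisplayVersion", "UninstallString"):
                        try:
                            entry[field] = str(winreg.QueryValueEx(sub, field)[0])
                        except OSError:
                            entry[field] = ""
                    if entry["DisplayName"]:
                        entries.append(entry)
    return entries


if __name__ == "__main__":
    use_registry = sys.platform == "win32" and "--sample" not in sys.argv
    entries = read_uninstall_entries() if use_registry else SAMPLE_ENTRIES
    for bucket, items in plan(entries).items():
        for e in items:
            print(f"{bucket:7} {e['DisplayName']:45} {e.get('UninstallString', '')}")
```

Run it after the reboot that follows the uninstalls: anything still in the "remove" bucket is a runtime the new installer did not clean up, and an old runtime stays exploitable by a malicious page for as long as the browser plugin can still find it.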


#14 myrti

Posted 05 February 2010 - 03:49 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
