
Infected with some sort of virus - computer freezes and continously beeps


  • This topic is locked
12 replies to this topic

#1 Gimpo

Gimpo

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:39 AM

Posted 17 February 2010 - 01:09 PM

Hi there. I will try to explain the situation as best I can. My computer will work for a little bit (an hour, maybe 1/2 hour) then while surfing the internet, I click on anything (doesn't matter) and the computer will start clicking like the sound it makes when you click the enter key too many times, freezes and then won't allow me to even do a reboot. I have to turn the power off. Recently I hit a site which started up some executable, so it leads me to believe I have a nasty virus, but not 100% sure, thus I came looking to you guys. My machine is really slow too on the boot up process, launching programs (Word, IE, Mozilla) thus I think even more problems. Anything you can do to help is appreciated. Everything (I hope) is below. I also checked my keyboard and mouse to be sure that nothing was hitting the keys - unplugged them and rebooted and still it would freeze up.
I do not get any errors, just this strange beeping that will start up, the machine freezes and I reboot. Also the machine is EXTREMELY slow now. No new programs loaded that I remember, but could be part of a problem. I couldn't get a log yet from GMER - I hope that's ok. It ran and ran, then froze. I did it again and same problem. I let it run this morning before work so maybe when I get home I will see a result. Hope so!
Thanks so much.

Oh I have the hijackthis log if needed.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Andrew & Kati at 1:07:31.37 on Wed 02/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1154 [GMT -8:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Program Files\iXi Tools\Registry Cleaner Pro\RegistryCleanerPro.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrew & Kati\Desktop\Hijackthis\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
uRun: [RegistryCleanerPro] c:\program files\ixi tools\registry cleaner pro\RegistryCleanerPro.exe -t
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera LTI301P
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: f5.com\biscuit
Trusted Zone: f5.com\fox
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://fox.f5.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1118,1405
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://fox.f5.com/vdesk/terminal/urxvpn.cab#version=6031,2009,1010,313
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://fox.f5.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1118,1405
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://fox.f5.com/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1010,310
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://fox.f5.com/vdesk/terminal/InstallerControl.cab#version=6031,2009,1010,0312
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://fox.f5.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1118,1405
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://fox.f5.com/vdesk/terminal/f5InspectionHost.cab#version=6031,2009,1010,0303
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://oak.f5.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337
DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} - hxxps://na3.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://fox.f5.com/vdesk/terminal/urxshost.cab#version=6031,2009,1010,308
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T26L10NSP49EP32-linksyssupport/support/ieatgpc.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://fox.f5.com/vdesk/terminal/urxhost.cab#version=6031,2009,1010,304
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://fox.f5.com/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2009,1010,0309
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://fox.f5.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1118,1405
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew~1\applic~1\mozilla\firefox\profiles\x50b06dq.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFTMUFEHelper.dll
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFToolbarComm.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-02-16 23:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{5DC53E13-E865-430F-97A7-98ACA32FC3D8}
2010-02-16 23:21 <DIR> --d----- c:\program files\iXi Tools
2010-02-16 23:18 <DIR> --d----- c:\program files\AnVir Task Manager Free
2010-02-16 06:53 <DIR> --d----- c:\windows\system32\Service
2010-02-08 21:13 <DIR> --d----- c:\program files\ICLUBcentral
2010-01-24 23:38 <DIR> --d----- c:\windows\Applian FLV Player

==================== Find3M ====================

2010-01-18 17:54 76,640 a------- c:\docume~1\andrew~1\applic~1\GDIPFONTCACHEV1.DAT
2010-01-17 14:24 61,028 a---h--- c:\windows\system32\mlfcache.dat
2010-01-04 18:39 4,199,784 a------- c:\windows\system32\cdintf400.dll
2009-12-31 08:14 352,640 a------- c:\windows\system32\drivers\srv.sys
2009-12-31 08:14 352,640 a------- c:\windows\system32\dllcache\srv.sys
2009-12-21 05:19 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 04:58 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-16 04:58 343,040 a------- c:\windows\system32\dllcache\mspaint.exe
2009-12-13 23:35 33,280 a------- c:\windows\system32\dllcache\csrsrv.dll
2009-12-13 23:35 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-08 10:14 2,185,984 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 10:11 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-12-08 10:11 2,142,720 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 09:35 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2009-12-08 09:35 2,020,864 a------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 09:35 2,063,104 a------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 00:59 474,112 a------- c:\windows\system32\dllcache\shlwapi.dll
2009-12-07 23:21 195,413 a------- c:\windows\hpoins40.dat
2009-12-04 06:41 453,760 a------- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 09:04 1,291,776 a------- c:\windows\system32\quartz.dll
2009-11-27 09:04 1,291,776 a------- c:\windows\system32\dllcache\quartz.dll
2009-11-27 09:04 17,920 a------- c:\windows\system32\msyuv.dll
2009-11-27 09:04 17,920 a------- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 08:37 84,992 a------- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 08:37 84,992 a------- c:\windows\system32\avifil32.dll
2009-11-27 08:37 48,128 a------- c:\windows\system32\iyuv_32.dll
2009-11-27 08:37 48,128 a------- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 08:37 28,672 a------- c:\windows\system32\msvidc32.dll
2009-11-27 08:37 28,672 a------- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 08:37 11,264 a------- c:\windows\system32\msrle32.dll
2009-11-27 08:37 11,264 a------- c:\windows\system32\dllcache\msrle32.dll
2009-11-27 08:37 8,704 a------- c:\windows\system32\tsbyuv.dll
2009-11-27 08:37 8,704 a------- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-21 08:36 470,528 a------- c:\windows\system32\dllcache\aclayers.dll
2009-11-21 08:36 470,528 a------- c:\windows\apppatch\aclayers.dll
2008-07-23 15:49 4,096 a--sh--- c:\windows\system32\qweasdf.dat

============= FINISH: 1:12:26.04 ===============


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:39 PM

Posted 19 February 2010 - 08:25 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Gimpo

Gimpo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:39 AM

Posted 20 February 2010 - 11:20 AM

Hi there. I will try to explain the situation as best I can. My computer will work for a little bit (an hour, maybe 1/2 hour) then while surfing the internet, I click on anything (doesn't matter) and the computer will start clicking like the sound it makes when you click the enter key too many times, freezes and then won't allow me to even do a reboot. I have to turn the power off. Recently I hit a site which started up some executable, so it leads me to believe I have a nasty virus, but not 100% sure, thus I came looking to you guys. My machine is really slow too on the boot up process, launching programs (Word, IE, Mozilla) thus I think even more problems. Anything you can do to help is appreciated. Everything (I hope) is below. I also checked my keyboard and mouse to be sure that nothing was hitting the keys - unplugged them and rebooted and still it would freeze up.
I do not get any errors, just this strange beeping that will start up, the machine freezes and I reboot. Also the machine is EXTREMELY slow now. No new programs loaded that I remember, but could be part of a problem. I couldn't get a log yet from GMER - I hope that's ok. It ran and ran, then froze. I did it again and same problem. I let it run this morning before work so maybe when I get home I will see a result. Hope so!
Thanks so much.

I cannot create a GMER log - it fails and freezes. What else can I do? Can you help with the 2 logs I have? Or some other rootkit program?




#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:39 PM

Posted 20 February 2010 - 05:22 PM

Hello Gimpo!

I am Blind Faith or Elle (it's easier to remember, I think) and I will help you with your malware related problems.
As you can see I am still a trainee and that means my work is revised by a coach.
Therefore, it will take a bit longer for me to reply.
So don't be impatient because I won't leave your case suspended in the air, waiting forever.

NOTE: Do not make any type of changes to your system during the cleaning process. The steps you are following are based on strict information from your system. So changes which I did not give instructions for are not recommended.

I will need some time to research the files on your system so please click the Options button at the top bar of this topic and Track this Topic, where you should choose email notifications to know when I replied.



During the cleaning process many files may be hidden so please unhide them by following the instructions listed here: How to show hidden files and folders.
And also do not make any other changes to your system.
This will not help any of us because fixes are based on strict information I find in your logs so changing it will only complicate the situation.

Remember to check your topic for new replies.

Probably, it will take a couple of days until the next reply but after that everything will go faster.

Also please let me know if you still need help after you have read this.




#5 Gimpo

Gimpo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:39 AM

Posted 21 February 2010 - 11:37 PM

Hi there Elle and thanks for the email. I appreciate it and sure hope you can help me out. This is pretty bad. I have attached the GMER results and I think it's what you need. Took forever, but finally got it :-) Let me know what else you need. Thanks again

GMER log here and attached


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-21 14:11:53
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\kwrcraog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BF5078EAC31E9A04A8D2866D37F3FB2C\Usage@statusexe 1012211757

---- EOF - GMER 1.0.15 ----
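The Devices section of a GMER log is the part a responder reads first: a driver attached to `\Device\Tcp` or `\Device\Ip` sits in the packet path, and one attached to a disk volume sits under the filesystem, which is where a rootkit that hides files or redirects traffic would show up. The log above is clean in that respect (both TCP/IP attachments are Trend Micro's TDI filter, the volume filter is Paragon's, the FAT filter is Microsoft's). The script below is an added example, not code from Gimpo's post, from BleepingComputer or from GMER: it parses the `AttachedDevice` lines in the layout shown above and flags any attachment whose vendor is not on a reviewer-supplied allow list. Assumptions: the allow list is the reviewer's own, and the last sample line (`xqzrtd.sys`, constructed) models a driver for which GMER prints no parenthesised description because it could not read a version resource.

```python
"""Triage the '---- Devices ----' section of a GMER log.

Added example for this thread (not the poster's, BleepingComputer's or
GMER's code). Parses AttachedDevice lines in the layout seen in the log:

    AttachedDevice <driver object> <device object> <file> (<description>/<vendor>)

Assumption: a driver whose version info GMER cannot read has no
parenthesised part; the allow list KNOWN_VENDORS is the reviewer's own.
"""
import re
from dataclasses import dataclass

ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<file>\S+)"
    r"(?:\s+\((?P<desc>.*)/(?P<vendor>[^/]*)\))?\s*$"
)

# Device objects where a filter driver sits in the packet path.
NETWORK_DEVICES = ("\\Device\\Ip", "\\Device\\Tcp", "\\Device\\Udp", "\\Device\\RawIp")


@dataclass(frozen=True)
class AttachedDevice:
    driver: str
    device: str
    file: str
    description: str
    vendor: str


def parse_gmer_devices(log_text):
    """Return one AttachedDevice record per matching line inside the Devices section."""
    records = []
    in_devices = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("---- "):          # section header or EOF marker
            in_devices = line.startswith("---- Devices")
            continue
        if not in_devices:
            continue
        m = ATTACHED_RE.match(line)
        if m:
            records.append(AttachedDevice(
                m["driver"], m["device"], m["file"],
                (m["desc"] or "").strip(), (m["vendor"] or "").strip()))
    return records


def flag_attached_devices(records, known_vendors):
    """Return (record, reason) for each attachment whose vendor is not allow-listed.
    An empty vendor (no version info) is always flagged."""
    flagged = []
    for rec in records:
        if rec.vendor in known_vendors:
            continue
        where = "network stack" if rec.device in NETWORK_DEVICES else "storage/filesystem"
        reason = ("no vendor/description (GMER could not read version info)"
                  if not rec.vendor else f"vendor not allow-listed: {rec.vendor!r}")
        flagged.append((rec, f"{where}: {reason}"))
    return flagged


# Constructed sample: the four lines from the log above plus one invented
# unknown driver (xqzrtd.sys) so that a flagged entry appears.
SAMPLE_GMER = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-21 14:11:53

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp xqzrtd.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BF5078EAC31E9A04A8D2866D37F3FB2C\Usage@statusexe 1012211757

---- EOF - GMER 1.0.15 ----
"""

# Reviewer's allow list (assumption): vendors already accounted for on this machine.
KNOWN_VENDORS = {"Microsoft Corporation", "Trend Micro Inc.", "Paragon Software Group"}

if __name__ == "__main__":
    for rec, why in flag_attached_devices(parse_gmer_devices(SAMPLE_GMER), KNOWN_VENDORS):
        print(f"{rec.file:<14} {rec.driver} -> {rec.device}: {why}")
```

The allow list deliberately keys on the vendor string GMER extracted from the file's version resource, not on the filename: a filename can be anything, while a missing or unexpected vendor on a driver sitting on `\Device\Tcp` is exactly what should be looked at next (file path, signature, creation time). Shrinking the allow list to Microsoft only would also surface the Trend Micro and Paragon filters, which is the right behaviour on a machine where those products are not expected.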




#6 Blind Faith (Malware Response Team, 4,101 posts)

Posted 22 February 2010 - 10:45 AM

Hi again,

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Elle

#7 Gimpo (Topic Starter, Members, 14 posts)

Posted 22 February 2010 - 02:28 PM

Hi Elle - I am now travelling and won't be back until Thursday. Will that work ok? I know that there are time limits, etc. Anyway, I will get this OTL Report asap on Thursday when I get back. Let me know if that's ok. Thanks,

#8 Blind Faith (Malware Response Team, 4,101 posts)

Posted 23 February 2010 - 11:07 AM

Hi Gimpo,

It is just ok.
Thank you for letting me know. Your topic would have been closed if you hadn't let me know about it.
(The time limit would have been 5 days starting from my last post date.)
I am waiting for the reports.


Also please run this tool as well:

We Need to check for Rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  3. Open on your desktop.
  4. Click the tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.





Elle

Edited by Blind Faith, 23 February 2010 - 11:08 AM.


#9 Gimpo (Topic Starter, Members, 14 posts)

Posted 26 February 2010 - 05:13 PM

Hi there Elle and thanks again. I couldn't get the Extra.txt file, but I got the others attached and included. I had to boot in Safe Mode because I just couldn't get the other things to run. Hope this works. Thanks!


OTL logfile created on: 2/26/2010 1:37:09 PM - Run 3
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Andrew & Kati\Desktop\Hijackthis
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 3067 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.40 Gb Total Space | 120.34 Gb Free Space | 41.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 338.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVISHOUSE
Current User Name: Andrew & Kati
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/26 12:41:02 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew & Kati\Desktop\Hijackthis\OTL.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/26 12:41:02 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew & Kati\Desktop\Hijackthis\OTL.exe
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/14 21:54:56 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/12/14 21:54:56 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/12/14 21:54:56 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/12/14 21:54:55 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 22:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 22:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/02/04 10:19:54 | 000,991,232 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/08/27 07:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/07/06 05:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/16 06:39:00 | 000,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/01/12 22:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2005/08/16 02:37:20 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2003/07/28 03:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/14 21:55:23 | 001,223,832 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/12/14 21:55:23 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/12/14 21:55:23 | 000,225,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/14 21:55:23 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/12/14 21:55:22 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/14 21:55:22 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/12/14 21:55:22 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/12/14 21:55:22 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/10/09 19:15:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/10/09 19:15:13 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/02 09:45:53 | 000,108,912 | ---- | M] (Zemana Ltd.) [Kernel | System | Stopped] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2008/12/13 06:47:38 | 000,129,896 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008/12/13 06:47:38 | 000,040,496 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008/12/13 06:47:38 | 000,032,056 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2008/09/08 19:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/29 21:03:34 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/05 15:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/07/24 08:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/19 13:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 04:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/16 06:39:00 | 003,581,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/05/03 09:19:36 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2006/05/03 09:19:36 | 000,004,736 | ---- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT)
DRV - [2006/01/12 22:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2006/01/12 22:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2006/01/12 22:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2006/01/12 22:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2006/01/10 09:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/27 15:39:28 | 000,094,445 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004/08/12 15:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 21:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 21:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/11/17 12:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 12:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 12:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 09:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/10/05 20:52:12 | 000,031,708 | ---- | M] (LapLink.com, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\llcser.sys -- (LLCSER)
DRV - [2001/10/05 20:51:40 | 000,093,440 | ---- | M] (LapLink.com, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\llcport.sys -- (LLCPORT)
DRV - [2001/08/17 13:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com/
IE - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\S-1-5-21-2511203746-1086140621-2708841175-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\S-1-5-21-2511203746-1086140621-2708841175-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/07 22:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2009/12/14 21:58:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/16 00:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/16 00:00:20 | 000,000,000 | ---D | M]

[2009/08/10 23:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew & Kati\Application Data\Mozilla\Extensions
[2010/02/26 13:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew & Kati\Application Data\Mozilla\Firefox\Profiles\x50b06dq.default\extensions
[2009/08/10 23:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/18 17:54:09 | 000,000,633 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (Vimicro)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006..\Run: [AnVir Task Manager Free] C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O4 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006..\Run: [RegistryCleanerPro] C:\Program Files\iXi Tools\Registry Cleaner Pro\RegistryCleanerPro.exe (iXi Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/12/14 21:46:20 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/12/14 21:46:20 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/12/14 21:46:20 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/12/14 21:46:20 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\..Trusted Domains: f5.com ([biscuit] http in Trusted sites)
O15 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\..Trusted Domains: f5.com ([biscuit] https in Trusted sites)
O15 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\..Trusted Domains: f5.com ([fox] http in Trusted sites)
O15 - HKU\S-1-5-21-2511203746-1086140621-2708841175-1006\..Trusted Domains: f5.com ([fox] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://fox.f5.com/vdesk/terminal/f5opswati...,2009,1118,1405 (OPSWAT AntiViruses Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://fox.f5.com/vdesk/terminal/urxvpn.ca...1,2009,1010,313 (F5 Networks VPN Manager)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://fox.f5.com/vdesk/terminal/f5opswati...,2009,1118,1405 (OPSWAT FireWalls Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://fox.f5.com/vdesk/terminal/f5tunsrv....1,2009,1010,310 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://fox.f5.com/vdesk/terminal/Installer...,2009,1010,0312 (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://fox.f5.com/vdesk/terminal/f5opswati...,2009,1118,1405 (OPSWAT ProcessesScanner Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://fox.f5.com/vdesk/terminal/f5Inspect...,2009,1010,0303 (F5 Networks Policy Agent Host Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdn.smugmug.com/photos/activex/Imag....1.0-082608.cab (Image Uploader Control)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://oak.f5.com/vdesk/terminal/urTermPro...,2008,0514,2337 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} https://na3.salesforce.com/dwnld/mailmerge/AXMailMerge.cab (CMMHost Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://fox.f5.com/vdesk/terminal/urxshost....1,2009,1010,308 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T26...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://fox.f5.com/vdesk/terminal/urxhost.c...1,2009,1010,304 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://fox.f5.com/policy/download_binary.p...,2009,1010,0309 (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://fox.f5.com/vdesk/terminal/f5opswati...,2009,1118,1405 (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew & Kati\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew & Kati\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/22 02:49:26 | 000,648,360 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0298d952-63bd-11dc-abae-0019d1087832}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2009/05/21 05:55:31 | 001,131,008 | R--- | M] (Hewlett-Packard)
O33 - MountPoints2\{f49e69b1-eb01-11dd-ac00-463500000031}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = wdsync.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/21 01:27:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew & Kati\Recent
[2010/02/20 22:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/20 21:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew & Kati\Application Data\Windows Search
[2010/02/20 21:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew & Kati\Application Data\Windows Desktop Search
[2010/02/18 23:42:59 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/17 23:32:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/02/16 23:21:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{5DC53E13-E865-430F-97A7-98ACA32FC3D8}
[2010/02/16 23:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\iXi Tools
[2010/02/16 23:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\AnVir Task Manager Free
[2010/02/16 23:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew & Kati\Local Settings\Application Data\AnVir
[2010/02/16 06:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Service
[2010/02/08 21:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\ICLUBcentral
[2010/02/08 21:09:33 | 029,914,860 | ---- | C] (ICLUBcentral) -- C:\Documents and Settings\Andrew & Kati\Desktop\Toolkit6Setup.exe
[2010/01/29 23:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew & Kati\Desktop\ProcessExplorer
[2010/01/20 07:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2009/12/14 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
[2007/12/01 04:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/15 11:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/02/14 23:17:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/02/14 23:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 02:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/26 13:06:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 12:51:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 12:50:02 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 12:50:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 12:20:31 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2010/02/26 08:29:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 01:57:07 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/21 23:58:22 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/02/21 22:43:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Andrew & Kati\ntuser.ini
[2010/02/20 21:50:05 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\ntuser.dat
[2010/02/20 21:47:22 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/02/20 21:46:59 | 000,545,364 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/20 21:46:59 | 000,463,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/20 21:46:59 | 000,078,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/19 23:01:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\defogger_reenable
[2010/02/19 00:12:58 | 000,192,243 | ---- | M] () -- C:\WINDOWS\hpoins40.dat
[2010/02/17 07:08:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/16 23:21:47 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Cleaner Pro.lnk
[2010/02/16 23:18:20 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnVir Task Manager Free.lnk
[2010/02/16 18:42:23 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Andrew & Kati\Desktop\~$ngs to checkout.doc
[2010/02/16 00:40:50 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 04:46:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2010/02/13 00:36:41 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/02/10 16:49:12 | 000,705,884 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\Desktop\VID 00005.3GP
[2010/02/10 16:45:50 | 000,989,093 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\Desktop\VID 00006.3GP
[2010/02/08 21:19:20 | 000,010,876 | ---- | M] () -- C:\WINDOWS\System32\tmpfile.$$$
[2010/02/08 21:13:54 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Toolkit 6.lnk
[2010/02/08 21:13:54 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\wincon.ini
[2010/02/08 21:13:43 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Toolkit 6 Manual.lnk
[2010/02/08 21:09:35 | 029,914,860 | ---- | M] (ICLUBcentral) -- C:\Documents and Settings\Andrew & Kati\Desktop\Toolkit6Setup.exe
[2010/02/01 21:33:13 | 000,392,704 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\Desktop\Songs to checkout.doc
[2010/01/30 23:40:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\LOG
[2010/01/30 23:33:33 | 000,009,938 | ---- | M] () -- C:\Documents and Settings\Andrew & Kati\Desktop\JPMC.QIF

========== Files Created - No Company Name ==========

[2010/02/20 21:47:22 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/02/19 23:01:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\defogger_reenable
[2010/02/19 03:02:33 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/02/19 00:12:47 | 000,195,413 | ---- | C] () -- C:\WINDOWS\hpoins40.dat.temp
[2010/02/19 00:12:47 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2010/02/16 23:21:47 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Cleaner Pro.lnk
[2010/02/16 23:18:19 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AnVir Task Manager Free.lnk
[2010/02/16 18:42:23 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Andrew & Kati\Desktop\~$ngs to checkout.doc
[2010/02/12 19:32:40 | 000,989,093 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Desktop\VID 00006.3GP
[2010/02/12 19:32:39 | 000,705,884 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Desktop\VID 00005.3GP
[2010/02/08 21:13:54 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Toolkit 6.lnk
[2010/02/08 21:13:43 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Toolkit 6 Manual.lnk
[2010/02/01 21:33:12 | 000,392,704 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Desktop\Songs to checkout.doc
[2010/01/30 23:33:33 | 000,009,938 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Desktop\JPMC.QIF
[2009/12/14 19:36:33 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\PATCHW32.DLL
[2009/12/07 22:23:37 | 000,001,406 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/25 07:39:17 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{512A31DE-EA49-4AEC-AE64-AEF842DE8ABA}_WiseFW.ini
[2009/01/21 16:08:26 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/11/10 08:18:36 | 000,001,321 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/12/17 14:03:44 | 000,000,189 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/22 22:42:38 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2007/03/05 21:44:23 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/04 23:11:28 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Application Data\dvd.bmk
[2007/01/29 21:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/07 22:52:24 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/05 00:07:22 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\wincon.ini
[2006/12/31 01:54:43 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\RunSetup.dll
[2006/12/28 23:07:08 | 000,038,332 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Application Data\Microsoft Excel.ADR
[2006/12/28 21:50:10 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/12/23 22:33:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/23 01:13:33 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/20 00:19:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Andrew & Kati\Local Settings\Application Data\fusioncache.dat
[2006/12/14 01:44:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/14 01:39:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 01:36:26 | 000,000,529 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/14 01:12:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/14 01:11:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/12 08:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/11/09 23:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:18:33 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/16 02:18:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\baseowjgf32(2).dll
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/12 20:49:02 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\BFAIFILT.SYS
[2004/05/27 18:43:42 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\AIFILT.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >



#10 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:39 PM

Posted 05 March 2010 - 07:43 AM

Hi again,

Sorry for the delay.




We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    O33 - MountPoints2\{0298d952-63bd-11dc-abae-0019d1087832}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




Your problem might not be malware related, due to the fact that the information you provided shows no serious problems, but please first provide the logs.

If nothing appears then we will send you to the Hardware Area. Please also check your hard drive for any problems.
Post in your next reply the information I've requested.




Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.
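The OTL fix in the post above was built by picking two lines straight out of the OTL report (the O33 MountPoints2 AutoRun command that launches wscript.exe, and the alternate data stream) and pasting them verbatim under ":OTL". As an added example, not part of this thread and not code from OTL or its author, the Python below parses those two OTL line formats from a constructed sample of lines in the same format, flags AutoRun commands that start a script host such as wscript.exe, and assembles the resulting ":OTL" block for review. The sample lines, the list of script hosts, and the function names are my own assumptions; the flag is a hint for a human reviewer, not a verdict (note that the helper left the wdsync.exe and E:\Setup.exe entries alone).

```python
import re
import ntpath
from typing import Dict, List

# Constructed sample: a few lines in the OTL report format seen in this
# thread (not a copy of the posted log).
SAMPLE_OTL_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0298d952-63bd-11dc-abae-0019d1087832}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2009/05/21 05:55:31 | 001,131,008 | R--- | M] (Hewlett-Packard)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wdsync.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

# O33 lines: the per-volume AutoRun command Explorer cached under MountPoints2.
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$'
)
# ADS lines: "<size> bytes -> <file path>:<stream name>".
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Interpreters that removable-media AutoRun should not normally launch.
# An assumed review list for this example, not an exhaustive one.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe", "cmd.exe"}


def _executable(cmd: str) -> str:
    """Lower-cased basename of the program a Windows command line starts."""
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        exe = cmd.split(None, 1)[0] if cmd else ""
    return ntpath.basename(exe).lower()


def parse_mountpoints(lines) -> List[Dict[str, str]]:
    """Extract volume id, raw line, command and executable from O33 lines."""
    out = []
    for line in lines:
        m = MOUNTPOINT_RE.match(line.strip())
        if not m:
            continue
        # OTL appends " -- [date | size | attrs] (company)" when it located
        # the target file; that suffix is not part of the command.
        cmd = m.group("cmd").split(" -- [", 1)[0].strip()
        out.append({
            "volume": m.group("volume"),
            "raw": line.strip(),
            "command": cmd,
            "executable": _executable(cmd),
        })
    return out


def parse_ads(lines) -> List[Dict[str, object]]:
    """Extract size and stream path from alternate data stream lines."""
    out = []
    for line in lines:
        m = ADS_RE.match(line.strip())
        if m:
            out.append({"size": int(m.group("size")),
                        "path": m.group("path"),
                        "raw": line.strip()})
    return out


def flag_autorun(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Keep AutoRun entries whose command starts a script host (review hint only)."""
    return [dict(e, reason="script host launched by removable-media AutoRun")
            for e in entries if e["executable"] in SCRIPT_HOSTS]


def build_otl_fix(mountpoints, ads) -> str:
    """Assemble an :OTL block from raw log lines, as the fix in this thread was built."""
    body = [":OTL"] + [e["raw"] for e in mountpoints] + [a["raw"] for a in ads]
    return "\n".join(body)


if __name__ == "__main__":
    lines = SAMPLE_OTL_LOG.splitlines()
    flagged = flag_autorun(parse_mountpoints(lines))
    print(build_otl_fix(flagged, parse_ads(lines)))
```

Run it as-is and it prints a three-line ":OTL" block: the header, the wscript.exe AutoRun line, and the ADS line. The only thing the script decides on its own is which executables count as script hosts; everything else is a straight copy of the report lines, which is exactly what OTL expects to be pasted back into it.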




#11 Gimpo

Gimpo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:39 AM

Posted 07 March 2010 - 10:47 PM

Hi there again. Finally got everything to run. Attached are my logs. Let me know what you think! Thanks so much!


OTL
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0298d952-63bd-11dc-abae-0019d1087832}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0298d952-63bd-11dc-abae-0019d1087832}\ not found.
File wscript.exe \SMRTNTKY\script.js not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81 deleted successfully.

OTL by OldTimer - Version 3.1.30.3 log created on 03052010_231427

Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/6/2010 11:54:13 PM
mbam-log-2010-03-06 (23-53-52).txt

Scan type: Quick Scan
Objects scanned: 144995
Time elapsed: 34 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\baseowjgf32(2).dll (Malware.Packer.Gen) -> No action taken.



#12 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:39 PM

Posted 08 March 2010 - 02:05 PM

Hi,
Congrats! Your log looks clean.


Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.



Please also, now that you are clean don't forget about the firewall.

Windows XP System Restore Guide

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, I would recommend the download and installation of some or all of the following programs, and the updating of them regularly

Install SUPERAntiSpyware - Install and download SUPERAntiSpyware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* Information on installing & using this product can be found here:
* Click here for more info -->SUPERAntiSpyware official site

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.



Now you will be redirected to the Hardware Forum for checking better in the system.
Your logs show no other problems so I suspect you are having a hardware problem.
Please open a new topic there describing your problem.



If you have any addition questions just ask...

Elle

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:39 AM

Posted 12 March 2010 - 07:25 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



