Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware, Browser redirection, Program Issues


  • This topic is locked This topic is locked
21 replies to this topic

#1 spart

spart

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 20 February 2010 - 10:58 PM

My friend is having a problem with her Sony Vaio. When she uses Internet Explorer some sites get redirected. She also said it is running very slow. She only has 512 Ram and after going through it I cleaned up alot of stuff. Her AVG wouldn't update and there are some other things going on. I removed AVG and installed the newest Symantec Endpoint. Ran a scan but it didn't find anything. Spybot wasn't much help either. I tied installing MBAM but it won't load up. I click on it and nothing happens. I ran HiJackThis and checked her log. It took a couple of times to get HijackThis to scan as well. There are a few unknown entries in the URL Search hook and wasn't able to find out what they are. I follwed your site instructions but when I ran the GMER program during the scan the computer crashes. It said RPC crashed and needed to reboot. I disabled it temporarily and tried to run it again and it still crashed. Here is my DDS log. I'm also attaching the HijackThis since I can't do the GMER log. I figured that since MBAM won't work I must have something nasty and need some help.

Appreciate any help I can get.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Itunes at 18:43:11.39 on Fri 02/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.106 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Itunes\LOCALS~1\Temp\x9cg79gl.tmp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.espn.go.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
uURLSearchHooks: H - No File
mURLSearchHooks: N/A: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ActivClient Agent.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Service Manager.lnk.disabled
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\itunes\applic~1\mozilla\firefox\profiles\ouysdupx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\itunes\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\itunes\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\progra~1\gradke~1\dbsign~1\lib\npDBsignWeb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDBsignWeb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-19 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100218.065\NAVENG.SYS [2010-2-19 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100218.065\NAVEX15.SYS [2010-2-19 1324720]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2010-02-19 14:40:25 149768 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-19 14:35:57 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-02-19 14:34:48 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-19 14:34:48 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-19 14:34:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-19 14:34:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-19 14:28:36 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-19 14:28:35 0 d-----w- c:\program files\Symantec
2010-02-19 14:26:06 0 d-----w- c:\windows\IsisLogs
2010-02-19 04:55:27 0 dc----w- c:\docume~1\itunes\applic~1\Malwarebytes
2010-02-19 04:55:19 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-19 04:55:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 04:15:38 0 d-----w- c:\windows\system32\Adobe
2010-02-19 04:06:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-19 04:06:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 03:45:23 0 dcsh--w- c:\documents and settings\itunes\IECompatCache
2010-02-19 03:44:53 0 dcsh--w- c:\documents and settings\itunes\PrivacIE
2010-02-19 03:12:11 0 dcsh--w- c:\documents and settings\itunes\IETldCache
2010-02-19 02:55:54 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-19 02:55:08 0 d-----w- c:\windows\ie8updates
2010-02-19 02:52:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 02:52:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 02:46:44 0 dc-h--w- c:\windows\ie8
2010-02-19 02:38:21 1374 ----a-w- c:\windows\imsins.BAK
2010-02-18 02:10:42 0 d-----w- c:\program files\TrendMicro
2010-02-17 00:07:30 0 dc-h--w- C:\$AVG
2010-02-17 00:05:31 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-16 03:29:44 0 d-----r- c:\program files\Skype
2010-02-16 03:13:38 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-16 01:55:20 0 dc----w- c:\docume~1\itunes\applic~1\AVS4YOU
2010-02-16 01:47:54 0 d-----w- c:\program files\AVS4YOU
2010-02-12 01:19:31 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-01-27 16:01:47 90112 ----a-w- c:\windows\DUMP804b.tmp
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 15:29:53 39476 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-27 04:49:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-27 04:49:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 18:45:38.14 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 22 February 2010 - 07:02 PM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both DDS logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 23 February 2010 - 09:01 AM

Etavares,

I was able to run the OTL and get a report. I will post it this evening when I get home from work. However the GMER rootkit scanner causes the laptop to crash with the infamous BSOD. I've tried it 3 times with all the same results. Is there another program I can use other than GMER?

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 23 February 2010 - 08:10 PM

Hi spart,

Please try GMER in Safe Mode. If that doesn't work, please try it in Safe Mode, but do NOT check the "devices" box.

If all else fails, please run RootRepeal (But please try GMER first as above):

We Need to check for Rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive.
  3. Open on your desktop.
  4. Click the tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 24 February 2010 - 07:07 PM

Well I tried GMER mode in safemode and it did work. The only problem is because the video driver is generic I couldn't scroll down the save the log. I tried every possible way but all I could see was the Scan button. I'm going to try the RootRepeal this evening and if it goes quick instead of the couple hours GMER took I will post it tonight. If not I will post tomorrow so please bear with me.

Thanks

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 24 February 2010 - 07:49 PM

OK, no problem. that's unfortunate, the GMER log can tell us a lot. i'll wait for the rootrepeal log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 25 February 2010 - 01:33 AM

Here is my report:

OTL:

OTL logfile created on: 2/22/2010 10:38:04 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Shannon House\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 15.85 Gb Free Space | 22.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A25BD8260D5F438
Current User Name: Shannon House
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/22 20:41:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon House\Desktop\OTL.exe
PRC - [2010/02/18 23:06:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/09/17 18:27:16 | 000,353,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/06 09:01:18 | 001,794,856 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
PRC - [2009/07/13 12:06:15 | 001,422,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
PRC - [2009/07/13 12:06:15 | 000,484,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/19 15:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 15:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 17:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2005/09/22 13:36:20 | 014,854,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/07/22 21:43:46 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/07/22 21:41:58 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2005/07/22 21:40:54 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/07/22 21:40:16 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/02/22 19:37:58 | 000,106,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/02/09 12:43:52 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/02/09 12:43:52 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/02/09 12:43:50 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/02/09 04:43:58 | 000,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
PRC - [2005/01/21 22:53:36 | 000,150,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/22 20:41:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon House\Desktop\OTL.exe
MOD - [2007/10/19 15:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/02/18 23:06:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/28 19:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/03/30 20:01:56 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/10/24 22:10:08 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/10/19 15:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 15:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 15:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2005/07/22 21:43:46 | 000,372,809 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/07/22 21:40:54 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/07/22 21:40:16 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/02/17 17:31:00 | 000,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/02/14 20:30:02 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/02/10 11:44:04 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005/02/09 12:43:52 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/02/09 12:43:52 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/02/09 12:43:52 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/02/09 12:43:50 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/02/09 04:43:58 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2005/01/26 18:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 18:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 18:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 17:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/01/21 22:53:36 | 000,150,528 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/01/14 15:18:48 | 001,839,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/01/14 14:26:56 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/01/14 14:21:32 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/01/14 14:20:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-505099160-220901131-1732615364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-505099160-220901131-1732615364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\URLSearchHook: *{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-21-505099160-220901131-1732615364-1006\S-1-5-21-505099160-220901131-1732615364-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.washingtonpost.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/19 23:47:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 23:28:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 23:28:13 | 000,000,000 | ---D | M]

[2008/11/24 14:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Mozilla\Extensions
[2009/10/31 18:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Mozilla\Firefox\Profiles\qfz76753.default\extensions
[2008/04/25 16:24:09 | 000,000,000 | ---D | M] (Media Agent plugin 2) -- C:\Documents and Settings\Shannon House\Application Data\Mozilla\Firefox\Profiles\qfz76753.default\extensions\{BA979AD0-A3C5-4b32-A47E-4550BF00ECC7}(2)
[2008/12/08 23:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shannon House\Application Data\Mozilla\Firefox\Profiles\qfz76753.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/03/25 07:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Mozilla\Firefox\Profiles\qfz76753.default\extensions\moveplayer@movenetworks.com
[2009/10/31 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Mozilla\Firefox\Profiles\qfz76753.default\extensions\staged-xpis
[2007/11/16 19:31:39 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Shannon House\Application Data\Mozilla\Firefox\Profiles\qfz76753.default\searchplugins\aolsearch.xml
[2010/02/18 23:11:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/06 23:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2004/08/18 13:00:00 | 000,270,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\DCAENTU.dll
[2004/08/18 13:00:00 | 001,294,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\DCARSA.dll
[2004/08/18 13:00:00 | 000,348,160 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\GuiUtils.dll
[2004/08/18 13:00:00 | 000,393,216 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npDBsignWeb.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2003/11/18 12:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2006/06/04 11:45:51 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2004/08/18 13:00:00 | 000,122,880 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Mozilla Firefox\plugins\nsldap32v30.dll

O1 HOSTS File: ([2009/12/25 23:54:51 | 000,370,657 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12778 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Shannon House\Start Menu\Programs\Startup\Qwest QuickNetworking.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Shannon House\Start Menu\Programs\Startup\Webshots.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-505099160-220901131-1732615364-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.6.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shannon House\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shannon House\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 15:37:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5f62b119-0c3b-11db-b6bd-0013ce050b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{5f62b119-0c3b-11db-b6bd-0013ce050b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f62b119-0c3b-11db-b6bd-0013ce050b6b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{741c650c-5420-11dd-b7a7-0013ce050b6b}\Shell\AutoRun\command - "" = F:\PortableVault.exe -- File not found
O33 - MountPoints2\{763998c4-cb8d-11db-b712-0013ce050b6b}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/03/09 15:36:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: VIDC.i420 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: VIDC.IV31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: VIDC.IV32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (28995315625361408)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/22 22:33:11 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shannon House\Desktop\OTL.exe
[2010/02/22 22:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon House\Desktop\gmer-1
[2010/02/22 22:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon House\Local Settings\Application Data\Symantec
[2010/02/19 09:40:25 | 000,149,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/02/19 09:35:57 | 000,092,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/02/19 09:34:48 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/19 09:34:48 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/19 09:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/02/19 09:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/19 09:26:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\IsisLogs
[2010/02/19 00:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon House\Application Data\Malwarebytes
[2010/02/19 00:19:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Shannon House\IETldCache
[2010/02/18 23:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 23:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 23:15:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/02/18 23:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/18 23:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/18 22:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/18 22:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/18 22:28:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/18 22:28:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/18 21:55:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/18 21:46:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/17 21:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/16 19:07:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/16 19:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/15 22:29:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/02/15 20:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/11 20:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/08 10:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/08 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/10/19 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/17 02:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/22 22:31:57 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Shannon House\Desktop\Windows Explorer.lnk
[2010/02/22 22:31:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/22 22:31:17 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Shannon House\NTUSER.DAT
[2010/02/22 22:28:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 22:27:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/22 22:27:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/22 22:25:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Shannon House\ntuser.ini
[2010/02/22 20:41:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon House\Desktop\OTL.exe
[2010/02/22 20:17:12 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/19 09:35:15 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/19 09:35:15 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/19 09:35:15 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/19 09:35:15 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/18 23:26:07 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/02/18 22:57:10 | 000,581,638 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 22:57:10 | 000,489,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 22:57:10 | 000,092,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/18 21:57:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/15 22:35:28 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/12 06:49:35 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/12 06:49:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/12 06:49:35 | 000,000,216 | RHS- | M] () -- C:\boot.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 22:31:57 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Shannon House\Desktop\Windows Explorer.lnk
[2010/02/19 09:34:48 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/19 09:34:48 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/18 21:38:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/12 06:49:36 | 000,002,078 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled
[2010/02/12 06:49:36 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk.disabled
[2010/02/12 06:49:36 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk.disabled
[2010/02/12 06:49:36 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
[2010/02/12 06:49:36 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
[2010/02/12 06:49:35 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Shannon House\Start Menu\Programs\Startup\Qwest QuickNetworking.lnk.disabled
[2010/02/12 06:49:35 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Shannon House\Start Menu\Programs\Startup\Webshots.lnk.disabled
[2008/07/12 17:55:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/07/12 17:47:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2007/10/11 20:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/07/14 20:04:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/05/07 21:05:15 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/04/07 20:55:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/21 18:59:56 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/03 20:24:32 | 000,000,010 | ---- | C] () -- C:\WINDOWS\smdat32m.sys
[2006/10/20 21:29:04 | 000,048,205 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/20 21:21:43 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/10/20 21:16:49 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2006/09/08 16:38:26 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4W.DLL
[2006/07/20 09:48:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/14 13:16:28 | 000,000,195 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/06/04 14:51:43 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\Shannon House\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/04 14:33:30 | 000,000,089 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/06/03 16:28:18 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/31 15:05:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Shannon House\Application Data\wklnhst.dat
[2006/05/29 20:56:23 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2006/05/29 20:47:50 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/05/29 20:45:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/29 20:45:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/29 20:45:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/29 20:45:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/29 20:45:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/29 20:45:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/29 20:42:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/29 20:33:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/12/09 16:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/03/09 17:56:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/09 16:46:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/03/09 15:43:08 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/09 14:20:20 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/06 14:53:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/06/05 14:56:16 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/27 15:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2002/06/12 12:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/24 19:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/07/28 13:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/18 22:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/09/08 16:38:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/04/25 09:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2010/02/18 23:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/18 23:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/28 11:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/31 10:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 10:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/15 10:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Itunes\Application Data\acccore
[2009/12/22 21:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Itunes\Application Data\CallingID
[2009/12/22 21:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Itunes\Application Data\comcasttb
[2009/10/31 10:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Itunes\Application Data\LimeWire
[2009/08/21 07:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Itunes\Application Data\Skinux
[2009/05/22 09:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Itunes\Application Data\Yapta
[2006/12/21 19:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\acccore
[2009/12/26 20:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Aim
[2007/08/03 12:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Azureus
[2007/06/11 09:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\BitTorrent
[2009/12/26 20:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\CallingID
[2009/12/26 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\comcasttb
[2007/11/03 17:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\DBsign
[2006/07/25 10:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\InterVideo
[2007/05/30 19:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\MSNInstaller
[2009/09/02 18:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Skinux
[2006/06/04 11:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Snapfish
[2006/05/31 15:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Template
[2007/06/09 02:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Viewpoint
[2007/02/28 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Wal-Mart Digital Photo Manager
[2007/02/28 19:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Wal-Mart Digital Photo Viewer
[2006/05/29 23:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Webshots
[2007/07/11 17:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon House\Application Data\Yapta
[2010/02/18 23:26:07 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/09/17 18:28:20 | 000,087,368 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/09/17 18:30:54 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009/09/17 18:30:58 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/26 20:22:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/12/26 20:22:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/26 20:22:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/12/26 20:22:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras

OTL Extras logfile created on: 2/22/2010 10:38:04 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Shannon House\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 15.85 Gb Free Space | 22.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A25BD8260D5F438
Current User Name: Shannon House
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Sony\VAIO Media 4.0\Vc.exe" = C:\Program Files\Sony\VAIO Media 4.0\Vc.exe:*:Enabled:[VAIO Media] VAIO Media -- (Sony Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"E:\EasySetupAssistant\EasySetupAssistant.exe" = E:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless Utility
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Control Center
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{51735133-A296-4EB0-BF16-AD93B55BD000}" = VAIO Original Screen Saver VAIO Motion SD Wide Contents
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{60435DF6-41D7-49D5-9C3B-1383439E195D}" = Microsoft Office Outlook Connector
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.1
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9155A84B-A94B-496E-9661-9978EB0CBC7C}" = Image Converter 2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43F939E-A863-433D-AC78-0897E44CFEB2}" = VAIO Launcher
"{A52415E5-CA1E-44DE-9EDC-D412F31D271C}" = Google Photos Screensaver
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}" = MSN Messenger 7.0
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 HomeUse for Air Force
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}" = VAIO TV Tuner Library 1.4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}" = VAIO Zone Remote Commander
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}" = VAIO Zone
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"2Wire SetupWiz" = Qwest QuickNetworking
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CANONBJ_Deinstall_CNMCP4W.DLL" = Canon i450
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CONNECT" = CONNECT
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.03
"legacyqcam_10.50" = Logitech Legacy USB Camera Driver Package
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Netscape Online Setup" = Netscape Internet Service Setup
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"Picasa 3" = Picasa 3
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QwestQuickCare_is1" = Qwest QuickCare 2.2
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Webshots Desktop" = Webshots Desktop
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-505099160-220901131-1732615364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Shannon House at 22:50:52.07 on Wed 02/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.123 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Shannon House\Desktop\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
mURLSearchHooks: N/A: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\documents and settings\shannon house\start menu\programs\startup\Qwest QuickNetworking.lnk.disabled
StartupFolder: c:\documents and settings\shannon house\start menu\programs\startup\Webshots.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ActivClient Agent.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Service Manager.lnk.disabled
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shanno~1\applic~1\mozilla\firefox\profiles\qfz76753.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\itunes\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\shannon house\application data\mozilla\firefox\profiles\qfz76753.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\progra~1\gradke~1\dbsign~1\lib\npDBsignWeb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDBsignWeb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-19 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100224.035\NAVENG.SYS [2010-2-24 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100224.035\NAVEX15.SYS [2010-2-24 1324720]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2010-02-24 23:06:04 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-19 14:40:25 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-19 14:35:57 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-02-19 14:34:48 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-19 14:34:48 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-19 14:34:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-19 14:34:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-19 14:28:36 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-19 14:28:35 0 d-----w- c:\program files\Symantec
2010-02-19 14:26:06 0 d-----w- c:\windows\IsisLogs
2010-02-19 05:21:05 0 d-----w- c:\docume~1\shanno~1\applic~1\Malwarebytes
2010-02-19 05:19:05 0 d-sh--w- c:\documents and settings\shannon house\IETldCache
2010-02-19 04:55:19 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-19 04:55:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 04:15:38 0 d-----w- c:\windows\system32\Adobe
2010-02-19 04:06:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-19 04:06:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 02:55:54 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-19 02:55:08 0 d-----w- c:\windows\ie8updates
2010-02-19 02:52:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 02:52:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 02:46:44 0 dc-h--w- c:\windows\ie8
2010-02-19 02:38:21 1374 ----a-w- c:\windows\imsins.BAK
2010-02-18 02:10:42 0 d-----w- c:\program files\TrendMicro
2010-02-17 00:07:30 0 d--h--w- C:\$AVG
2010-02-17 00:05:31 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-16 03:29:44 0 d-----r- c:\program files\Skype
2010-02-16 03:13:38 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-16 01:47:54 0 d-----w- c:\program files\AVS4YOU
2010-02-12 01:19:31 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-01-27 16:01:47 90112 ----a-w- c:\windows\DUMP804b.tmp
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 15:29:53 39476 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-27 04:49:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-27 04:49:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 22:52:49.28 ===============


Attached Files



#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 25 February 2010 - 06:55 PM

Hi...please don't forget the RootRepeal log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 25 February 2010 - 10:51 PM

Forgot that one.

Here is the RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/24 22:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA327000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A56000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA999C000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\google updater\googleupdater_download
Status: Allocation size mismatch (API: 0, Raw: 8192)

Path: c:\documents and settings\itunes\local settings\temp\~dff847.tmp
Status: Allocation size mismatch (API: 106496, Raw: 65536)

Path: c:\system volume information\_restore{44a4b43f-bf79-4c22-8f5f-38d07c8d6912}\fifoed\snapshot(2)\_registry_machine_software
Status: Allocation size mismatch (API: 5795840, Raw: 18575360)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x82f88900

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x82e8d5a8

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x82d5b8b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x82d47ac8

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x82d62f78

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x82d61698

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x82d5cba0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x82e87208

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x82e8dcc8

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x82d590b0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x82e84ec8

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x82e88cf0

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x82d5da20

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xf7b06880

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x82e3c7b8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x82e800b8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x82d5cf78

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x82d5e710

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x82e84d00

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x82e7e848

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x82975820

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x82e7e880

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x82e86348

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x82d5bdb8

==EOF==

Attached Files



#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 26 February 2010 - 05:31 PM

Hello, spart.
OK, let's get to work.

Next, please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop as spartCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on spartCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#11 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 27 February 2010 - 04:44 PM

Here is my Combofix Log. Sorry it took so long everytime I ran it it would stop or just freeze but I go it working.

ComboFix 10-02-26.01 - Itunes 02/27/2010 15:58:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.111 [GMT -5:00]
Running from: c:\documents and settings\Itunes\Desktop\spartCF.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Itunes\LOCALS~1\Temp\minixdm.bak
c:\documents and settings\Itunes\Local Settings\Temp\minixdm.bak
c:\recycler\S-1-5-21-3390883145-1339019468-1265641185-1003
c:\recycler\S-1-5-21-3570098927-1218827405-1837816966-1003
c:\recycler\S-1-5-21-3731500269-442556324-4226017606-1003
c:\recycler\S-1-5-21-3789350414-3130238679-3333186574-1003
c:\recycler\S-1-5-21-815666093-2721590979-1864236860-1003
c:\recycler\S-1-5-21-850732648-3385963428-3470202627-1003
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\setup.exe
c:\windows\smdat32m.sys
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\_000112_.tmp.dll

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 06:36 . 2010-02-27 06:37 -------- d-----w- C:\spartCF7801s
2010-02-26 23:04 . 2010-02-26 23:04 -------- d-----w- C:\spartCF
2010-02-24 23:06 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-23 03:23 . 2010-02-23 03:23 -------- d-----w- c:\documents and settings\Shannon House\Local Settings\Application Data\Symantec
2010-02-19 14:54 . 2010-02-19 14:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-19 14:41 . 2010-02-19 14:41 -------- dc----w- c:\documents and settings\Itunes\Local Settings\Application Data\Symantec
2010-02-19 14:40 . 2010-01-12 22:57 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-19 14:35 . 2009-09-17 23:38 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-02-19 14:34 . 2010-02-19 14:35 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-19 14:34 . 2010-02-19 14:35 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-19 14:28 . 2010-02-19 14:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-19 14:28 . 2010-02-19 14:35 -------- d-----w- c:\program files\Symantec
2010-02-19 14:26 . 2010-02-19 14:26 -------- d-----w- c:\windows\IsisLogs
2010-02-19 05:21 . 2010-02-19 05:21 -------- d-----w- c:\documents and settings\Shannon House\Application Data\Malwarebytes
2010-02-19 05:19 . 2010-02-19 05:19 -------- d-sh--w- c:\documents and settings\Shannon House\IETldCache
2010-02-19 05:01 . 2010-02-19 05:01 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-19 05:01 . 2010-02-19 05:01 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-02-19 04:55 . 2010-02-19 04:55 -------- dc----w- c:\documents and settings\Itunes\Application Data\Malwarebytes
2010-02-19 04:55 . 2010-02-19 04:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-19 04:55 . 2010-02-19 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 04:15 . 2010-02-19 04:15 -------- d-----w- c:\windows\system32\Adobe
2010-02-19 04:07 . 2010-02-19 04:07 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 04:06 . 2010-02-19 04:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 03:45 . 2010-02-19 03:45 -------- dcsh--w- c:\documents and settings\Itunes\IECompatCache
2010-02-19 03:44 . 2010-02-19 03:44 -------- dcsh--w- c:\documents and settings\Itunes\PrivacIE
2010-02-19 03:12 . 2010-02-19 03:12 -------- dcsh--w- c:\documents and settings\Itunes\IETldCache
2010-02-19 02:55 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-19 02:55 . 2010-02-19 04:02 -------- d-----w- c:\windows\ie8updates
2010-02-19 02:52 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 02:52 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 02:46 . 2010-02-19 02:51 -------- dc-h--w- c:\windows\ie8
2010-02-18 02:10 . 2010-02-18 02:10 -------- d-----w- c:\program files\TrendMicro
2010-02-17 00:07 . 2010-02-17 00:08 -------- d-----w- C:\$AVG
2010-02-17 00:05 . 2010-02-19 03:31 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-16 03:29 . 2010-02-16 03:30 -------- d-----r- c:\program files\Skype
2010-02-16 03:13 . 2010-02-16 03:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-16 01:55 . 2010-02-16 01:55 -------- dc----w- c:\documents and settings\Itunes\Application Data\AVS4YOU
2010-02-16 01:47 . 2010-02-16 03:12 -------- d-----w- c:\program files\AVS4YOU
2010-02-12 11:57 . 2010-02-19 02:22 -------- dc----w- c:\documents and settings\Itunes\Application Data\Skype
2010-02-12 01:19 . 2010-02-12 01:19 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 02:19 . 2009-12-26 05:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-20 15:16 . 2006-06-04 19:30 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-19 14:40 . 2006-05-30 01:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-19 14:35 . 2010-02-19 14:34 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-19 14:35 . 2010-02-19 14:34 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-19 04:47 . 2009-07-28 18:22 -------- dc----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-02-19 04:25 . 2006-05-30 02:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-02-19 04:25 . 2006-05-30 02:45 -------- d-----w- c:\program files\Viewpoint
2010-02-19 04:06 . 2005-03-09 21:26 -------- d-----w- c:\program files\Java
2010-02-18 03:25 . 2009-12-26 03:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-17 23:33 . 2009-12-26 03:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-17 00:05 . 2009-04-03 03:39 -------- d-----w- c:\program files\AVG
2010-02-16 03:28 . 2009-05-28 22:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-16 02:32 . 2009-05-22 05:39 -------- dc----w- c:\documents and settings\Itunes\Application Data\Apple Computer
2010-02-14 21:01 . 2005-03-09 21:49 -------- d-----w- c:\program files\Google
2010-02-12 01:32 . 2007-02-25 05:59 -------- d-----w- c:\program files\Azureus
2010-02-12 01:32 . 2009-08-21 04:02 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-12 01:32 . 2009-08-21 04:02 -------- d-----w- c:\program files\ArcSoft
2010-02-12 01:32 . 2005-03-09 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 01:30 . 2006-12-22 00:06 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL
2010-02-12 01:30 . 2006-12-22 00:05 -------- d-----w- c:\program files\Common Files\AOL
2010-02-05 22:09 . 2008-07-12 17:51 -------- d-----w- c:\program files\Safari
2010-01-27 16:01 . 2006-05-29 23:43 90112 ----a-w- c:\windows\DUMP804b.tmp
2010-01-10 21:07 . 2009-09-16 00:26 -------- dc----w- c:\documents and settings\Itunes\Application Data\Move Networks
2009-12-31 16:50 . 2005-03-09 19:20 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 15:29 . 2008-07-12 23:34 39476 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-27 15:19 . 2009-05-22 05:32 43840 -c--a-w- c:\documents and settings\Itunes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 19:14 . 2005-03-09 19:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2005-03-09 20:33 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2005-03-09 19:19 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-03-09 19:19 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-03-09 19:19 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2004-08-18 18:00 . 2007-11-03 22:31 270336 ------w- c:\program files\mozilla firefox\plugins\DCAENTU.dll
2004-08-18 18:00 . 2007-11-03 22:31 1294336 ------w- c:\program files\mozilla firefox\plugins\DCARSA.dll
2004-08-18 18:00 . 2007-11-03 22:31 348160 ------w- c:\program files\mozilla firefox\plugins\GuiUtils.dll
2004-08-18 18:00 . 2007-11-03 22:31 122880 ------w- c:\program files\mozilla firefox\plugins\nsldap32v30.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]

c:\documents and settings\Shannon House\Start Menu\Programs\Startup\
Qwest QuickNetworking.lnk.disabled [2006-8-31 766]
Webshots.lnk.disabled [2008-4-1 676]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 22:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 22:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\Itunes\LOCALS~1\Temp\minixdm.bak 2yAPFDOFNF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" /ini "c:\program files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"ISBMgr.exe"=c:\program files\Sony\ISB Utility\ISBMgr.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"Mouse Suite 98 Daemon"=ICO.EXE
"QuickCare2.2"=c:\program files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SonyPowerCfg"=c:\program files\Sony\VAIO Power Management\SPMgr.exe
"SsAAD.exe"=c:\progra~1\sony\SONICS~1\SsAAD.exe
"TVTunerLib"=c:\program files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
"VAIO Recovery"=c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
"VZRemoteCommander"=c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
"Apoint"=c:\program files\Apoint\Apoint.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/19/2010 9:37 AM 102448]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [8/2/2002 3:41 PM 47660]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 01:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.go.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
FF - ProfilePath - c:\documents and settings\Itunes\Application Data\Mozilla\Firefox\Profiles\ouysdupx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\Itunes\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\progra~1\GRADKE~1\DBSIGN~1\lib\npDBsignWeb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDBsignWeb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-Symantec Antvirus
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_104D0200
AddRemove-HijackThis - c:\docume~1\Itunes\LOCALS~1\Temp\ayi9o323.tmp\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 16:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

- - - - - - - > 'explorer.exe'(7440)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\ActivIdentity\ActivClient\accoca.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-02-27 16:39:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-27 21:39

Pre-Run: 17,340,473,344 bytes free
Post-Run: 19,259,998,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE

- - End Of File - - 66CDCAE6C353B40A6CFBEC614F768A5E


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 28 February 2010 - 07:01 AM

Hello, spart.
Ok, how is it running now? There's still some things to take care of, but the main infection should be fixed.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.



Step 1

Please run a new DDS log and post that in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#13 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 28 February 2010 - 10:35 AM

It seems ok so far, of course I haven't tried to do anything with it yet. Once this computer is clean I'm going to go through and clean up the remaining junk on this computer. Here is the DDS Log. I will paste the Attach log here as well and upload it as an attachment.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Itunes at 10:23:27.46 on Sun 02/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.260 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Itunes\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.espn.go.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ActivClient Agent.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Service Manager.lnk.disabled
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\itunes\applic~1\mozilla\firefox\profiles\ouysdupx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\itunes\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\progra~1\gradke~1\dbsign~1\lib\npDBsignWeb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDBsignWeb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-19 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100226.006\NAVENG.SYS [2010-2-26 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100226.006\NAVEX15.SYS [2010-2-26 1324720]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
S4 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]

=============== Created Last 30 ================

2010-02-27 20:52:17 0 d-sha-r- C:\cmdcons
2010-02-27 20:26:18 98816 ----a-w- c:\windows\sed.exe
2010-02-27 20:26:18 77312 ----a-w- c:\windows\MBR.exe
2010-02-27 20:26:18 261632 ----a-w- c:\windows\PEV.exe
2010-02-27 20:26:18 161792 ----a-w- c:\windows\SWREG.exe
2010-02-27 06:36:57 0 d-----w- C:\spartCF7801s
2010-02-26 23:04:15 0 d-----w- C:\spartCF
2010-02-24 23:06:04 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-20 02:05:53 0 -c--a-w- c:\documents and settings\itunes\defogger_reenable
2010-02-19 14:40:25 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-19 14:35:57 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-02-19 14:34:48 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-19 14:34:48 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-19 14:34:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-19 14:34:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-19 14:28:36 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-19 14:28:35 0 d-----w- c:\program files\Symantec
2010-02-19 14:26:06 0 d-----w- c:\windows\IsisLogs
2010-02-19 04:55:27 0 dc----w- c:\docume~1\itunes\applic~1\Malwarebytes
2010-02-19 04:55:19 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-19 04:55:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 04:15:38 0 d-----w- c:\windows\system32\Adobe
2010-02-19 04:06:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-19 04:06:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 03:45:23 0 dcsh--w- c:\documents and settings\itunes\IECompatCache
2010-02-19 03:44:53 0 dcsh--w- c:\documents and settings\itunes\PrivacIE
2010-02-19 03:12:11 0 dcsh--w- c:\documents and settings\itunes\IETldCache
2010-02-19 02:55:54 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-19 02:55:08 0 d-----w- c:\windows\ie8updates
2010-02-19 02:52:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 02:52:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 02:46:44 0 dc-h--w- c:\windows\ie8
2010-02-19 02:38:21 1374 ----a-w- c:\windows\imsins.BAK
2010-02-18 02:10:42 0 d-----w- c:\program files\TrendMicro
2010-02-17 00:07:30 0 d-----w- C:\$AVG
2010-02-17 00:05:31 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-16 03:29:44 0 d-----r- c:\program files\Skype
2010-02-16 03:13:38 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-16 01:55:20 0 dc----w- c:\docume~1\itunes\applic~1\AVS4YOU
2010-02-16 01:47:54 0 d-----w- c:\program files\AVS4YOU
2010-02-12 01:19:31 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-01-27 16:01:47 90112 ----a-w- c:\windows\DUMP804b.tmp
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 15:29:53 39476 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 10:25:31.96 ===============


Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/29/2006 7:48:12 PM
System Uptime: 2/27/2010 4:19:29 PM (18 hours ago)
Processor: Intel® Pentium® M processor 1.60GHz | N/A | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 18.036 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1338: 1/15/2010 7:15:20 PM - Software Distribution Service 3.0
RP1339: 1/17/2010 2:54:59 PM - System Checkpoint
RP1340: 1/18/2010 3:00:44 AM - Software Distribution Service 3.0
RP1341: 1/19/2010 3:01:45 AM - Software Distribution Service 3.0
RP1342: 1/20/2010 3:01:01 AM - Software Distribution Service 3.0
RP1343: 1/20/2010 4:36:45 AM - Software Distribution Service 3.0
RP1344: 1/27/2010 10:31:34 PM - System Checkpoint
RP1345: 1/28/2010 3:00:46 AM - Software Distribution Service 3.0
RP1346: 1/29/2010 3:00:45 AM - Software Distribution Service 3.0
RP1347: 1/30/2010 3:00:45 AM - Software Distribution Service 3.0
RP1348: 1/31/2010 3:00:40 AM - Software Distribution Service 3.0
RP1349: 2/1/2010 3:00:54 AM - Software Distribution Service 3.0
RP1350: 2/2/2010 3:00:39 AM - Software Distribution Service 3.0
RP1351: 2/2/2010 8:58:51 AM - Avg8 Update
RP1352: 2/3/2010 3:00:38 AM - Software Distribution Service 3.0
RP1353: 2/4/2010 3:00:40 AM - Software Distribution Service 3.0
RP1354: 2/5/2010 3:05:01 AM - Software Distribution Service 3.0
RP1355: 2/5/2010 5:36:32 PM - Software Distribution Service 3.0
RP1356: 2/7/2010 4:03:30 PM - System Checkpoint
RP1357: 2/8/2010 5:00:27 PM - System Checkpoint
RP1358: 2/11/2010 8:31:31 PM - System Checkpoint
RP1359: 2/11/2010 9:20:01 PM - Software Distribution Service 3.0
RP1360: 2/12/2010 7:00:20 AM - Software Distribution Service 3.0
RP1361: 2/12/2010 8:03:24 PM - Software Distribution Service 3.0
RP1362: 2/14/2010 3:15:18 PM - Removed Google Earth.
RP1363: 2/14/2010 4:46:28 PM - Software Distribution Service 3.0
RP1364: 2/14/2010 5:03:22 PM - Software Distribution Service 3.0
RP1365: 2/14/2010 7:47:59 PM - Software Distribution Service 3.0
RP1366: 2/14/2010 10:47:52 PM - Software Distribution Service 3.0
RP1367: 2/15/2010 11:46:32 AM - Software Distribution Service 3.0
RP1368: 2/15/2010 10:08:55 PM - Restore Operation
RP1369: 2/15/2010 10:20:13 PM - Software Distribution Service 3.0
RP1370: 2/15/2010 10:40:45 PM - Software Distribution Service 3.0
RP1371: 2/16/2010 5:57:10 PM - Removed AVG Free 8.5
RP1372: 2/16/2010 6:31:51 PM - Installed AVG Free 8.5
RP1373: 2/16/2010 7:05:30 PM - Installed AVG Free 9.0
RP1374: 2/17/2010 3:01:24 AM - Software Distribution Service 3.0
RP1375: 2/17/2010 6:13:28 AM - Software Distribution Service 3.0
RP1376: 2/17/2010 6:28:18 PM - Software Distribution Service 3.0
RP1377: 2/17/2010 9:10:14 PM - Installed HiJackThis
RP1378: 2/18/2010 3:00:58 AM - Software Distribution Service 3.0
RP1379: 2/18/2010 6:21:55 PM - Software Distribution Service 3.0
RP1380: 2/18/2010 9:09:22 PM - Unsigned driver install
RP1381: 2/18/2010 9:29:41 PM - Software Distribution Service 3.0
RP1382: 2/18/2010 9:35:20 PM - Software Distribution Service 3.0
RP1383: 2/18/2010 10:17:34 PM - Software Distribution Service 3.0
RP1384: 2/18/2010 10:28:58 PM - Removed AVG Free 9.0
RP1385: 2/18/2010 10:32:17 PM - Installed AVG Free 9.0
RP1386: 2/18/2010 10:37:15 PM - Software Distribution Service 3.0
RP1387: 2/18/2010 10:40:41 PM - Software Distribution Service 3.0
RP1388: 2/18/2010 10:46:02 PM - Software Distribution Service 3.0
RP1389: 2/18/2010 10:55:25 PM - Software Distribution Service 3.0
RP1390: 2/18/2010 11:05:00 PM - Removed J2SE Runtime Environment 5.0
RP1391: 2/18/2010 11:06:06 PM - Installed Java™ 6 Update 18
RP1392: 2/18/2010 11:18:46 PM - Software Distribution Service 3.0
RP1393: 2/18/2010 11:46:04 PM - Removed CA Pest Patrol Realtime Protection
RP1394: 2/18/2010 11:47:20 PM - Removed Desktop Doctor
RP1395: 2/18/2010 11:49:06 PM - Removed HiJackThis
RP1396: 2/19/2010 9:26:49 AM - Installed Symantec Endpoint Protection.
RP1397: 2/20/2010 2:58:04 PM - System Checkpoint
RP1398: 2/22/2010 10:42:48 PM - OTL Restore Point
RP1399: 2/23/2010 6:00:57 PM - System Checkpoint
RP1400: 2/24/2010 5:41:45 PM - Software Distribution Service 3.0
RP1401: 2/25/2010 5:43:54 PM - System Checkpoint
RP1402: 2/27/2010 9:52:41 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
ActivClient 6.1 HomeUse for Air Force
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon i450
Canon PhotoRecord
Canon PIXMA iP1500
CCleaner
CCScore
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
CONNECT
Critical Update for Windows Media Player 11 (KB959772)
DBsign Web Signer
DIGOpt
DIGReqEx
Download Updater (AOL LLC)
DVgate Plus
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Google Gmail Notifier
Google Photos Screensaver
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Image Converter 2
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for VAIO
InterVideo WinDVDX
iPod for Windows 2006-06-28
ISScript
iTunes
Java Auto Updater
Java™ 6 Update 18
K-Lite Mega Codec Pack 1.03
Kodak EasyShare software
LiveUpdate 3.3 (Symantec Corporation)
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Video Enumerator
Magellan POI File Editor
MathPlayer
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Outlook Connector
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
MobileMe Control Panel
MoodLogic
Move Media Player
Mozilla Firefox (3.6)
mPfMgr
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MVision
mXML
netbrdg
Netflix Movie Viewer
Netscape Internet Service Setup
NVIDIA Drivers
OfotoXMI
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Picasa 3
PictureGear Studio 2.0
Quicken 2005
QuickTime
Qwest QuickCare 2.2
Qwest QuickNetworking
RealPlayer
Realtek High Definition Audio Driver
Safari
Samsung USB Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Setting Utility Series
SFR
SHASTA
skin0001
SKINXSDK
Skype™ 4.1
SonicStage 3.0
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
staticcr
Symantec Endpoint Protection
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO TV Tuner Library 1.4
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
VAIO Zone Remote Commander
VPRINTOL
WebFldrs XP
Webshots Desktop
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

2/27/2010 3:48:04 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
2/27/2010 3:23:22 PM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/27/2010 3:23:22 PM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
2/25/2010 5:32:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2/25/2010 12:51:16 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
2/24/2010 9:59:49 PM, error: Dhcp [1002] - The IP address lease 10.6.1.23 for the Network Card with network address 00014A5ECAE5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/24/2010 9:50:09 PM, error: Service Control Manager [7034] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s).
2/24/2010 6:18:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/24/2010 6:18:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/24/2010 6:13:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip WPS
2/24/2010 6:13:48 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
2/24/2010 6:13:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2010 6:13:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2010 6:13:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2010 6:13:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2010 6:13:48 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2010 6:13:48 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2010 3:01:22 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/24/2010 2:45:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'minixdm.bak' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/24/2010 11:45:54 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/24/2010 11:38:07 PM, error: DCOM [10000] - Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}. The error: "%2" Happened while starting this command: "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" -Embedding
2/24/2010 11:35:28 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
2/24/2010 11:31:35 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/24/2010 10:00:04 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8210c020, parameter3 8210c194, parameter4 805c8c8a.
2/23/2010 8:56:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/23/2010 5:38:23 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 82d7b6a8, parameter3 82d7b81c, parameter4 805c8c8a.
2/23/2010 12:17:43 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Attached Files



#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 PM

Posted 28 February 2010 - 10:48 AM

Hello, spart.
OK, just some leftovers, then let's run an online scan for confirmation.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2
  • Open notepad.
  • Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
  • Save it to your desktop (click file, save as) as "fixit.reg" with the quotes.

CODE
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{FE063DB9-4EC0-403e-8DD8-394C54984B2C}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{FE063DB9-4EC0-403e-8DD8-394C54984B2C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{61539ECD-CC67-4437-A03C-9AACCBD14326}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{61539ECD-CC67-4437-A03C-9AACCBD14326}"=-
[-HKEY_CLASSES_ROOT\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}]


NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.




Step 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push



Step 4

In your reply, please:
  • Let me know the registry fix in Step 2 merged successfully.
  • Post the ESET log..if no threats found, there is no long, just let me know.
  • Please post an updated DDS log after running all the steps...no need for attach.txt, just the main one.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#15 spart

spart
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 28 February 2010 - 12:40 PM

The "fixit.reg" was added into the registry successfully. It didn't ask to merge but it did add it in. I'm sunning the Eset Scanner now and will post the report when it finishes. Thank you for your help with this.

spart




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users