Unknown virus and BSOD when GMER runs


This topic is locked
7 replies to this topic

#1 Chris Tettamanti

  • Members
  • 42 posts

Posted 13 April 2010 - 03:49 AM

I have some downloader virus. I was directed here via this post: http://www.bleepingcomputer.com/forums/t/307483/downloader-that-norton-catches/ .

The last thing was GMER. It starts fine, but after about 15 minutes it stops with a BSOD, even in safe mode.

Here is the DDS scan attached in the zip file.

Attached Files





#2 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 17 April 2010 - 07:40 AM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found in the link below. Since GMER isn't running well, ensure "sections" is checked, but you can uncheck "devices". If all else fails, run GMER in safe mode, without being connected to the internet, with only "sections" and "Files" checked.

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

Please copy and paste the contents into your reply, it's much easier for us compared with a zip file, or even attaching the TXT files to the thread.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
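The /md5start ... /md5stop block in the OTL custom scan above makes OTL hash a fixed set of boot-path storage drivers and logon DLLs, because a kernel rootkit that patches one of them on disk keeps the legitimate filename and only the bytes change. The PowerShell below does the equivalent check by hand and is an added example, not part of this thread or of OTL. It assumes PowerShell 2.0 (available for Vista), the default %SystemRoot% layout, and looks only in System32 and System32\drivers; the file list is copied from the post, where "nvstor32" appears without an extension, so it is matched as a prefix.

```powershell
# Added example (not from the thread or from OTL): MD5 and Authenticode check of the
# same file set the OTL /md5start ... /md5stop custom scan covers.
# Assumes PowerShell 2.0 on Vista and the default %SystemRoot% layout.

# File list copied from the post. 'nvstor32' has no extension there.
$OtlMd5List = @(
    'eventlog.dll', 'scecli.dll', 'netlogon.dll', 'cngaudit.dll', 'sceclt.dll',
    'ntelogon.dll', 'logevent.dll', 'iaStor.sys', 'nvstor.sys', 'atapi.sys',
    'IdeChnDr.sys', 'viasraid.sys', 'AGP440.sys', 'vaxscsi.sys', 'nvatabus.sys',
    'viamraid.sys', 'nvata.sys', 'nvgts.sys', 'iastorv.sys', 'ViPrt.sys',
    'eNetHook.dll', 'ahcix86.sys', 'KR10N.sys', 'nvstor32', 'ahcix86s.sys', 'nvrd32.sys'
)

function Get-FileMd5 {
    # Hex MD5 of one file, read as a stream so large drivers are not loaded whole.
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($md5.ComputeHash($stream)).Replace('-', '') }
    finally { $stream.Close() }
}

function Get-DriverIntegrityReport {
    # One record per file found (or a placeholder when the file is not present).
    param(
        [string[]]$Names,
        [string[]]$SearchRoots = @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")
    )
    foreach ($name in $Names) {
        # A bare name such as 'nvstor32' is matched as a prefix (nvstor32.*).
        $filter = if ($name -like '*.*') { $name } else { "$name.*" }
        $files  = Get-ChildItem -Path $SearchRoots -Filter $filter -Force -ErrorAction SilentlyContinue |
                  Where-Object { -not $_.PSIsContainer }
        if (-not $files) {
            New-Object PSObject -Property @{ Name = $name; Path = '(not present)'; MD5 = ''; Signature = ''; Signer = '' }
            continue
        }
        foreach ($f in $files) {
            $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Name      = $f.Name
                Path      = $f.FullName
                MD5       = Get-FileMd5 -Path $f.FullName
                Signature = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer    = $signer
            }
        }
    }
}

$report = Get-DriverIntegrityReport -Names $OtlMd5List
$report | Select-Object Name, MD5, Signature, Signer, Path | Format-Table -AutoSize

# HashMismatch means the file carries an embedded signature but its bytes no longer
# match it: a legitimate filename with modified contents, which is exactly what the
# OTL MD5 list is there to surface.
$report | Where-Object { $_.Signature -eq 'HashMismatch' } |
    ForEach-Object { Write-Warning ("Modified after signing: " + $_.Path) }
```

Two caveats when reading the output. Most inbox Windows drivers such as atapi.sys are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature reports NotSigned for them even when they are clean; for those files the MD5 has to be compared against a known-clean copy of the same build (install media or an identical machine), or checked with `sfc /verifyonly`, which validates protected files against the catalogs. And any hash taken from inside a running, possibly rootkitted OS is only as trustworthy as that OS, since a kernel driver can return clean bytes to file reads while the real on-disk copy is patched. That discrepancy between the file-system view and the raw disk is what GMER is checking when it compares the two, which is why the helper asks for a GMER log as well and why a scan from safe mode or offline media carries more weight than a live one.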
 


#3 Chris Tettamanti (Topic Starter)

  • Members
  • 42 posts

Posted 19 April 2010 - 11:50 PM

Running GMER now. Here is the OTL log:

OTL logfile created on: 4/19/2010 9:34:04 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Chris\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 2.38 Gb Free Space | 0.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/19 21:33:25 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/22 21:40:33 | 003,214,272 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/02/18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/26 14:46:32 | 007,947,528 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
PRC - [2010/01/26 14:46:16 | 001,033,480 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
PRC - [2010/01/26 14:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
PRC - [2010/01/26 14:46:14 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/11 17:36:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/05/21 17:21:34 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA Internet Security Suite\ccprovsp.exe
PRC - [2009/05/21 17:21:34 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/10 00:09:02 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Utilities\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/04 18:19:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/04 17:46:03 | 000,014,088 | ---- | M] (CA) -- C:\Program Files\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
PRC - [2009/01/09 17:13:28 | 001,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/01/09 17:13:26 | 000,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2008/10/23 15:46:26 | 000,136,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2008/10/23 15:46:06 | 001,956,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/10/23 15:45:56 | 000,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\Utilities\CDBurnerXP\NMSAccessU.exe
PRC - [2008/02/01 01:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/01/20 19:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 19:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/08/06 17:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\Utilities\PowerISO\PWRISOVM.EXE
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/10 12:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/10 12:22:20 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2004/06/09 14:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 21:33:25 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2009/04/10 23:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/03/04 17:46:03 | 000,083,208 | ---- | M] (CA) -- C:\Program Files\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOEHook.dll
MOD - [2009/02/13 09:22:35 | 000,117,696 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
MOD - [2008/01/20 19:24:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 02:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/25 13:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/26 14:46:16 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2010/01/26 14:46:14 | 000,939,272 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/11 17:36:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/21 17:21:34 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/10 00:09:02 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/03/04 17:52:47 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/02/10 12:10:00 | 000,136,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2009/01/09 17:13:28 | 001,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2008/10/23 15:46:14 | 000,121,744 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/10/23 15:46:06 | 001,956,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/10/23 15:45:56 | 000,031,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Utilities\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/09/18 11:57:32 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 19:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 19:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/05/10 12:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 4B 4F 38 CA AC CA 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 4B 4F 38 CA AC CA 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/04/07 18:15:49 | 000,000,806 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Utilities\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.3\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\Utilities\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe (CA)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Utilities\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Utilities\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-3347264131-2855308606-2150285675-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.3\npchrome_frame.dll (@COMPANY_FULLNAME@)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\Windows\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 19:35:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^palmOne Registration.lnk - C:\Program Files\palmOne\register.exe - (palmOne/Leader Technologies)
MsConfig - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVHotkey - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {221DAF1E-4C1B-8D19-B4E6-AA5492E9F625} - Offline Browsing Pack
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {57B131EE-C010-E167-9E51-F0343971E616} - Browser Customizations
ActiveX: {5C729E26-5F4E-BAF2-1799-A959988E5A26} - Themes Setup
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {97007FE1-88A1-470F-EC38-F33352258DDA} - Adobe Shockwave Director 10.2
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CF3B067D-DCA5-6B6D-9181-52024EAE4D70} - Themes Setup
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/19 21:33:18 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/04/19 20:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/04/19 20:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/17 07:03:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2010/04/16 12:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\VisDir
[2010/04/16 10:45:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2010/04/15 19:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/04/10 17:10:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\BoutellDotCom
[2010/04/10 08:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/10 08:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/10 08:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/10 08:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/09 13:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/07 18:37:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/07 17:32:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\DoctorWeb
[2010/04/07 16:42:14 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[7 C:\Users\Chris\*.tmp files -> C:\Users\Chris\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/19 21:36:29 | 008,912,896 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010/04/19 21:33:25 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/04/19 21:27:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/19 20:48:36 | 000,038,400 | ---- | M] () -- C:\Users\Chris\Documents\Book1.xls
[2010/04/19 20:44:04 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6DE676D3-1E14-4498-8D1F-DF450DCD46FD}.job
[2010/04/19 20:44:00 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 20:44:00 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 15:54:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/19 14:18:00 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chris.job
[2010/04/19 09:41:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/19 03:53:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/18 23:27:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/18 21:57:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/18 14:22:56 | 000,052,613 | ---- | M] () -- C:\myfinds.gpx
[2010/04/17 17:56:52 | 000,002,607 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Office Excel 2003.lnk
[2010/04/17 10:25:25 | 000,044,002 | ---- | M] () -- C:\Users\Chris\Documents\test.CSV
[2010/04/17 10:25:23 | 000,038,427 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/04/17 10:18:57 | 000,002,633 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Office Outlook 2003.lnk
[2010/04/17 00:00:35 | 001,685,161 | ---- | M] () -- C:\notfound.pdb
[2010/04/16 16:45:22 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/04/16 16:44:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/16 16:43:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/16 16:43:36 | 3756,134,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 14:52:29 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 14:52:29 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/04/16 14:52:04 | 002,645,532 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010/04/16 12:21:35 | 000,000,822 | ---- | M] () -- C:\Users\Chris\Desktop\VisDir.lnk
[2010/04/16 10:54:33 | 000,027,335 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\nvModes.001
[2010/04/16 10:10:12 | 000,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/16 10:10:12 | 000,636,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/16 10:10:12 | 000,118,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 18:21:59 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/15 17:47:11 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2010/04/13 20:24:18 | 000,207,872 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 01:23:12 | 362,074,032 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/11 09:36:08 | 000,000,000 | ---- | M] () -- C:\Users\Chris\defogger_reenable
[2010/04/11 04:33:35 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/10 17:11:49 | 000,000,173 | ---- | M] () -- C:\Windows\mapedit2.ini
[2010/04/10 17:11:08 | 000,000,015 | -H-- | M] () -- C:\Users\Chris\AppData\Roaming\mpdt294
[2010/04/10 08:31:18 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/07 18:15:49 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/07 16:42:26 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2010/04/06 15:36:01 | 000,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010/04/06 10:10:29 | 000,000,919 | ---- | M] () -- C:\Users\Chris\Desktop\Launch Internet Explorer Browser.lnk
[7 C:\Users\Chris\*.tmp files -> C:\Users\Chris\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/17 18:41:58 | 000,038,400 | ---- | C] () -- C:\Users\Chris\Documents\Book1.xls
[2010/04/17 10:25:23 | 000,038,427 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/04/17 10:25:20 | 000,044,002 | ---- | C] () -- C:\Users\Chris\Documents\test.CSV
[2010/04/16 12:21:35 | 000,000,822 | ---- | C] () -- C:\Users\Chris\Desktop\VisDir.lnk
[2010/04/11 11:47:21 | 3756,134,400 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/11 09:36:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\defogger_reenable
[2010/04/11 04:33:35 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/10 17:11:08 | 000,000,015 | -H-- | C] () -- C:\Users\Chris\AppData\Roaming\mpdt294
[2010/04/10 17:10:59 | 000,000,173 | ---- | C] () -- C:\Windows\mapedit2.ini
[2010/04/10 10:27:43 | 000,052,613 | ---- | C] () -- C:\myfinds.gpx
[2010/04/10 08:36:08 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/10 08:31:18 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 17:25:09 | 001,685,161 | ---- | C] () -- C:\notfound.pdb
[2010/04/07 18:37:11 | 362,074,032 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/22 21:36:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/16 01:19:59 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/02/16 01:19:59 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/02/16 00:23:29 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/02/01 19:24:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/01/24 19:01:40 | 000,000,108 | ---- | C] () -- C:\Users\Chris\webct_upload_applet.properties
[2009/12/31 00:36:09 | 000,000,111 | ---- | C] () -- C:\Windows\GMouse.ini
[2009/11/18 23:19:29 | 000,000,016 | ---- | C] () -- C:\Users\Chris\persistent_state
[2009/07/31 15:29:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/25 22:41:48 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/07/25 22:41:47 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/05/05 11:30:30 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/18 17:35:59 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/04/13 20:19:58 | 000,000,469 | ---- | C] () -- C:\Windows\System32\gmsblist.dll
[2009/04/11 19:00:31 | 000,870,128 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\mcs.rma
[2009/04/11 19:00:31 | 000,000,004 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\221A1A
[2009/03/21 13:47:50 | 000,155,972 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\ReplayMusicLog.log
[2009/03/05 12:39:24 | 000,207,872 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 10:08:53 | 000,000,074 | -H-- | C] () -- C:\Windows\vbmgsext.ini
[2009/03/05 10:08:53 | 000,000,074 | -H-- | C] () -- C:\Windows\vbmgsent.ini
[2009/03/04 23:01:35 | 000,000,038 | ---- | C] () -- C:\Windows\ChssBase.ini
[2009/03/04 20:32:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/04 18:34:07 | 000,027,335 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\nvModes.001
[2009/03/04 17:37:30 | 000,027,335 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\nvModes.dat
[2009/03/04 15:54:01 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/03/04 15:23:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/03/04 14:38:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/03/04 14:25:36 | 000,001,356 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2009/03/04 14:25:35 | 008,912,896 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT
[2009/03/04 14:25:35 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2009/03/04 14:25:35 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2009/03/04 14:25:35 | 000,262,144 | -H-- | C] () -- C:\Users\Chris\ntuser.dat.LOG1
[2009/03/04 14:25:35 | 000,065,536 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2009/03/04 14:25:35 | 000,000,020 | -HS- | C] () -- C:\Users\Chris\ntuser.ini
[2009/03/04 14:25:35 | 000,000,000 | -H-- | C] () -- C:\Users\Chris\ntuser.dat.LOG2
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/03/30 20:58:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Autodesk
[2010/04/10 17:10:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BoutellDotCom
[2009/08/27 18:53:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BSW
[2009/03/21 15:20:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe_Limited
[2009/03/05 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ChessBase
[2009/07/09 22:05:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Crayon Physics Deluxe
[2010/02/22 17:45:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVD Profiler
[2009/06/30 22:07:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EurekaLog
[2009/03/08 13:10:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Gamelab
[2009/06/11 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GARMIN
[2009/04/05 17:24:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Gold Casual Games
[2010/02/18 17:36:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HandBrake
[2009/05/13 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HotSync
[2009/07/02 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICAClient
[2009/05/13 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2009/06/01 21:14:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LogicWeave Software
[2010/03/07 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Marine Aquarium 3
[2009/10/11 08:37:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MeggieSoft Games
[2009/07/25 13:29:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Scrabble Plus
[2009/03/27 17:43:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SerpentOfIsis
[2009/03/05 12:32:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ShredderChess
[2010/03/20 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SolSuite
[2009/03/05 12:07:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Thinstall
[2010/03/29 19:54:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2009/06/16 22:19:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Venture
[2009/04/30 10:01:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\webex
[2010/04/19 15:54:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/19 03:53:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/04/19 09:41:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/18 21:57:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/16 14:52:52 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/19 20:44:04 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6DE676D3-1E14-4498-8D1F-DF450DCD46FD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/20 19:24:51 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\eventcls.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[1999/01/09 15:53:56 | 000,161,280 | ---- | M] () -- C:\jphide.exe
[1999/01/09 15:41:34 | 000,128,000 | ---- | M] () -- C:\jpseek.exe


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 19:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 15:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Windows\drivers\R154164\Winall\Driver64\IaStor.sys
[2007/02/12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\drivers\R154164\Winall\Driver\iaStor.sys
[2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\drivers\R154200\iastor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Chris\Documents\P6210127.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Chris\Documents\Hawaii 08 086.JPG:Roxio EMC Stream
< End of report >


#4 Chris Tettamanti

  • Topic Starter

  • Members
  • 42 posts

Posted 20 April 2010 - 09:53 AM

OTL Extra file (forgot this one.)

OTL Extras logfile created on: 4/19/2010 9:34:10 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Chris\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 2.38 Gb Free Space | 0.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\Utilities\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\Utilities\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C5BE32C-C9D0-4C57-BBC2-7462F8690186}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1D424749-01FD-46D8-855C-6BB6C30023D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2A4568DC-DF29-432C-BBB9-1D6F1E06363A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2D440392-CFDC-42FF-9C3E-047D45C1CE1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E57EAFA-F007-4E5C-AC20-C377D136E4F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32E04DFB-33B8-4933-AA62-D3585CD80C37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{46377651-6DF6-4DAF-BF76-922C8A9E4696}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46D4DD76-D286-425A-B002-A8930A880F4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4994771F-7EB8-4322-9BBB-E61233C7D7A2}" = lport=137 | protocol=17 | dir=in | app=system |
"{663C19A0-EC32-4049-8CAD-E2A9607EBB6B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{67380E4D-262F-42CB-A31C-EACC237C2D8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69D78727-79D4-446B-9ACA-FB062E822D90}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{6D58AEFA-66F8-4547-88FB-CC96048CEB9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72323594-47BD-474E-B2C6-621192C77821}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F75920C-B0C3-4BF5-999B-434671D0466D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{875B63DB-9756-4C50-843E-7429C64C7E12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8D02ACEB-AF02-4D8B-A798-298215AC0F30}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93DBE171-DDF1-4703-9CCF-1CBB3058292C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95D00AE1-CFAF-41BF-BBF4-114BDE8291C2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A1F60A27-98D2-48AC-9351-C21DCF2CB7C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8A13B8E-3B1D-4AC6-9AA4-48B2187DB570}" = lport=138 | protocol=17 | dir=in | app=system |
"{B23C8B1B-2737-4C8E-ADD8-8CFA24CEE253}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B959B05C-8B99-48DB-AA66-EFFC80C92DE6}" = rport=139 | protocol=6 | dir=out | app=system |
"{CAEC16D9-B52C-49EA-8D96-21B35192A1C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{CDA1E6D1-F5AA-47DD-B63B-EB2FC0951F9B}" = lport=139 | protocol=6 | dir=in | app=system |
"{D062859F-27F5-48F9-8CC1-5A27D3C5646C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D647A8E8-49CF-4B3F-9AEB-765DEE6D7D05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB98815A-7FA0-4BD7-888F-71462C219C61}" = rport=137 | protocol=17 | dir=out | app=system |
"{E424925D-3F04-442C-8D75-C4CBE24C57BA}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07118325-F66C-4644-84BC-9AE5537563E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F129BBD-9203-4DC2-B1F3-64A9AC181346}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{19BF69E6-A5DF-4F1C-BB62-828E3E8F4B03}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{1C065618-D504-43F2-92EF-3861992FF08B}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{1EA756D2-7360-419B-9257-4810EEE7341D}" = protocol=17 | dir=in | app=c:\program files\utilities\utorrent\utorrent.exe |
"{24A92061-B04D-48C5-B91F-99CA0D66675D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42284D12-B44F-486D-9974-85B69BC1EBD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42E54454-F7ED-4D57-AF2D-246B173BA635}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{51D5F657-6873-4E1E-BA42-1BFD4EB84F1F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{53AD0217-70C5-4F29-B2CC-6EF9E55B64C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FC9ED4F-DD27-42AC-A21C-395E3BF29AF4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A11B2A6-06F4-4EBE-806E-A66D450973B1}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{6C9546D5-6E7F-4091-8566-EFF325337A68}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6F684196-E82E-4FB4-8EA6-F344FE18EC6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{751708C8-E075-4DCD-A4DE-F55BE845509E}" = protocol=6 | dir=out | app=system |
"{7E226C2A-B3B1-4BF8-A18F-35ABE5F0D619}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"{82FF5439-737C-4AD3-92E9-137CC7021392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{856F43C0-D0E0-4B92-AE07-EF5B6D93564E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8684223E-8184-425B-8A1A-2121643E904B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{899CF939-B13A-4FA4-BB0C-E90EECEF3652}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8EC88FE6-5FBE-44C4-9A42-43844A06AF9F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{95226677-97DC-42B8-9B47-CE1C4F836405}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9631FB9E-8C44-49CA-982B-DB410B134CBC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9DD44A24-7873-4F90-8397-278EC80CC6A7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A3734AFD-00CD-495C-AFF1-6C5A93746FA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4595B5A-0233-4432-B17A-2874CB83BF07}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{B00715B8-6D3E-4C0E-BAB8-17090F25CBFE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B11EAE12-C44B-4D61-879D-D12D27365D1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8127609-47E3-4697-955D-D45CD64ECDC9}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{C680526D-7F2D-4FB8-A6C3-ADB84DC0E785}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe |
"{DF52AA47-0569-4981-AD46-E0E2F08776C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E12E996A-B678-4ABD-A514-AEF933C99939}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3A8180B-13BB-45A7-BA24-F8D1C952DFCE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4757CA3-CCEE-4507-AC7A-013C22F3CB9D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EFA5C698-FD29-4E0F-8B6D-FBE342F62B66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFCAF1AD-1815-483B-BC3A-09B3001150DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7A0DAC8-D864-4D9C-9F5B-88411641D14E}" = protocol=6 | dir=in | app=c:\program files\utilities\utorrent\utorrent.exe |
"TCP Query User{3819A044-CE0D-41D9-A27B-E42CCF3D55C3}C:\program files\nevo\nevomedia player\nevomediaplayer.exe" = protocol=6 | dir=in | app=c:\program files\nevo\nevomedia player\nevomediaplayer.exe |
"TCP Query User{3C6044B0-8CCE-4DFE-9E29-1F248E27339D}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{59E26F4E-E8D1-46A1-9EBD-D8D3099A791E}C:\program files\sling media\slingplayer\slingplayer.exe" = protocol=6 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"TCP Query User{5C13D1D2-330A-4861-8015-C8FC0F5F660E}C:\program files\sling media\slingplayer\slingplayer.exe" = protocol=6 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"TCP Query User{5D89B675-7541-49DB-A93B-5761FFFEEC25}C:\program files\microsoft office\office11\frontpg.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office11\frontpg.exe |
"TCP Query User{6178DC40-0C95-4FFA-AF53-002354CFE196}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{6E6F7EB4-BAB3-4C2D-A2A7-7D678A32F298}C:\program files\symantec\pcanywhere\awrem32.exe" = protocol=6 | dir=in | app=c:\program files\symantec\pcanywhere\awrem32.exe |
"TCP Query User{736FD84F-AF19-49F0-B468-FBE16738B0E3}C:\program files\nevo\nevomedia player\nevomediaplayer.exe" = protocol=6 | dir=in | app=c:\program files\nevo\nevomedia player\nevomediaplayer.exe |
"TCP Query User{825D04BF-3338-41C6-85AA-8871916C7788}C:\program files\makemkv\makemkvcon.exe" = protocol=6 | dir=in | app=c:\program files\makemkv\makemkvcon.exe |
"TCP Query User{B5F699AE-B01F-4C07-818C-822768CC6D8E}C:\program files\utilities\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utilities\utorrent\utorrent.exe |
"TCP Query User{DCC16A32-C9F2-4CAC-8FCC-62F2B5133B2D}D:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=6 | dir=in | app=d:\wd_windows_tools\wddiscovery\wddiscovery.exe |
"UDP Query User{03F0E0DF-2161-4D2B-A5C3-93E0361B4FF1}C:\program files\nevo\nevomedia player\nevomediaplayer.exe" = protocol=17 | dir=in | app=c:\program files\nevo\nevomedia player\nevomediaplayer.exe |
"UDP Query User{205FF9DB-BE1F-4A37-BD83-A7DC74FCF4BA}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{499A631B-7DBD-4686-A5BB-22BA315FD603}D:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=17 | dir=in | app=d:\wd_windows_tools\wddiscovery\wddiscovery.exe |
"UDP Query User{4BA67045-B8F3-4510-9490-1A96148017DD}C:\program files\utilities\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utilities\utorrent\utorrent.exe |
"UDP Query User{4BB97307-D39B-48B5-ABDC-D1CB7964E55F}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{5207DC8B-0047-4441-97C3-3D9F98A94B23}C:\program files\makemkv\makemkvcon.exe" = protocol=17 | dir=in | app=c:\program files\makemkv\makemkvcon.exe |
"UDP Query User{93D049BF-8464-4BAA-BE59-4D084E54700A}C:\program files\microsoft office\office11\frontpg.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office11\frontpg.exe |
"UDP Query User{A93D9A67-1F00-47BF-A952-223CB4DCEFB0}C:\program files\sling media\slingplayer\slingplayer.exe" = protocol=17 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"UDP Query User{CD576544-58E7-4003-B2F3-04768BF392E4}C:\program files\sling media\slingplayer\slingplayer.exe" = protocol=17 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |
"UDP Query User{E05AD06D-FD2E-41CC-8957-0AFD9CC92E95}C:\program files\symantec\pcanywhere\awrem32.exe" = protocol=17 | dir=in | app=c:\program files\symantec\pcanywhere\awrem32.exe |
"UDP Query User{F7A9C886-4F0C-48EE-AC3F-585D9D797484}C:\program files\nevo\nevomedia player\nevomediaplayer.exe" = protocol=17 | dir=in | app=c:\program files\nevo\nevomedia player\nevomediaplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12518183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{152D98A0-1A4A-11DE-72AE-0C3234F92CD6}" = Baseball Mogul 2010 patch to 12.12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 19
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AF28D60-EAA2-012B-AE46-000000000000}" = TurboTax 2009 wnhiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4440846D-057E-4D60-A41A-7B0D64E4447B}" = Symantec AntiVirus
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E38417C-4999-4FBA-B3BE-5C306B450A32}" = CacheStats
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF652E2D-6128-49E9-833E-F131C4FC42CA}" = ChessBase 10
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D5B11428-F4C4-4FC2-AF89-4D2163BD1D28}" = ChessBase 10
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2741785-8993-4BB6-A76F-35244DC4FFB0}" = SlingPlayer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38BBAD2-E89C-4C15-9727-1D284F088667}_is1" = ScrabblePLUS v1.0
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ActiveTouchMeetingClient" = Meeting Service
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"ASCOM Platform 4.1" = ASCOM Platform 4.1
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"BSW" = BrettspielWelt
"Carbonite Backup" = Carbonite
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"eTrust Suite Personal" = CA Internet Security Suite
"Family Tree Maker 2009" = Family Tree Maker 2009
"Google Chrome Frame" = Google Chrome Frame
"Google Updater" = Google Updater
"GSAK_is1" = GSAK 7.7.0.109 (Final)
"Handbrake" = Handbrake 0.9.4
"HijackThis" = HijackThis 2.0.2
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"InstallShield_{E2741785-8993-4BB6-A76F-35244DC4FFB0}" = SlingPlayer
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.5.1
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic ISO Maker v5.4 (build 0245)" = Magic ISO Maker v5.4 (build 0245)
"MakeMKV" = MakeMKV v1.4.12_beta
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MeggieSoft Games Canasta_is1" = MeggieSoft Games Canasta
"MeggieSoft Games Cribbage_is1" = MeggieSoft Games Cribbage
"MeggieSoft Games German Whist_is1" = MeggieSoft Games German Whist
"MeggieSoft Games Gin Rummy_is1" = MeggieSoft Games Gin Rummy
"MeggieSoft Games Plus Pack_is1" = MeggieSoft Games Plus Pack
"MeggieSoft Games Rummy 500_is1" = MeggieSoft Games Rummy 500
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle" = Peggle (remove only)
"Plato Safe Password Manager_is1" = Plato Safe Password Manager 11.03.01
"PowerISO" = PowerISO
"ProInst" = Intel® PROSet/Wireless Software
"Replay Music3.56" = Replay Music
"Rhapsody" = Rhapsody
"Rybka Aquarium" = Rybka Aquarium
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"SolSuite_is1" = SolSuite 2010 v10.1
"Starry Night Pro Plus 6" = Starry Night Pro Plus 6
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SynTPDeinstKey" = Dell Touchpad
"Ticket To Ride 1.0" = Ticket To Ride 1.0
"TurboTax 2009" = TurboTax 2009
"Ultra Video Joiner_is1" = Ultra Video Joiner 4.7.1127
"Venture" = Venture
"VisDir Free Disk Space Finder_is1" = VisDir Free Disk Space Finder v 1.5
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Wall Street Raider_is1" = Wall Street Raider 5.30
"WinRAR archiver" = WinRAR archiver
"World Series of Poker 2008" = World Series of Poker 2008: Battle for the Bracelets

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3347264131-2855308606-2150285675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iGridd" = iGridd
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2010 12:41:17 PM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/24/2010 6:54:16 PM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/24/2010 6:54:16 PM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp by:
Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/24/2010 6:54:16 PM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/25/2010 11:01:16 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/25/2010 11:01:16 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp by:
Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/25/2010 11:01:16 AM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/25/2010 12:41:24 PM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/25/2010 12:41:24 PM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp by:
Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 3/25/2010 12:41:25 PM | Computer Name = Chris-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\Windows\Temp\1572419169.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

[ System Events ]
Error - 4/16/2010 1:27:12 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10016
Description =

Error - 4/16/2010 1:37:12 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10016
Description =

Error - 4/16/2010 1:41:06 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 4/16/2010 1:41:38 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10016
Description =

Error - 4/16/2010 1:44:59 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/16/2010 1:44:59 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/16/2010 1:51:04 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/16/2010 7:47:24 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10016
Description =

Error - 4/16/2010 7:48:05 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/16/2010 7:48:05 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

And the GMER file. Ran beautifully this time.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-20 07:51:11
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kglcqpod.sys


---- System - GMER 1.0.15 ----

SSDT 88BA03B8 ZwAlertResumeThread
SSDT 88BA0498 ZwAlertThread
SSDT 88B9F298 ZwAllocateVirtualMemory
SSDT 889508F8 ZwConnectPort
SSDT 88B9EF38 ZwCreateMutant
SSDT 88B71D50 ZwCreateThread
SSDT 88BA2278 ZwFreeVirtualMemory
SSDT 88B9E008 ZwImpersonateAnonymousToken
SSDT 88BA02D8 ZwImpersonateThread
SSDT 88BA4108 ZwMapViewOfSection
SSDT 88B9EE58 ZwOpenEvent
SSDT 88B30BF0 ZwOpenProcessToken
SSDT 88BA2808 ZwOpenThreadToken
SSDT 889E0648 ZwResumeThread
SSDT 88BA2788 ZwSetContextThread
SSDT 88B538B8 ZwSetInformationProcess
SSDT 88BA26B8 ZwSetInformationThread
SSDT 88B9ED78 ZwSuspendProcess
SSDT 88BA05A0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x983AE320]
SSDT 88BA0660 ZwTerminateThread
SSDT 88BA4870 ZwUnmapViewOfSection
SSDT 88BA2348 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820AE880 8 Bytes [B8, 03, BA, 88, 98, 04, BA, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820AE894 4 Bytes [98, F2, B9, 88]
.text ntkrnlpa.exe!KeSetEvent + 1C1 820AE924 4 Bytes [F8, 08, 95, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820AE958 4 Bytes [38, EF, B9, 88]
.text ntkrnlpa.exe!KeSetEvent + 221 820AE984 4 Bytes [50, 1D, B7, 88]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90A07380, 0x3599D2, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xB40D0300, 0x3AE88, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xB4113300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!free 75E29BCA 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!malloc 75E29C45 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!??3@YAXPAX@Z 75E29DE1 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!??2@YAPAXI@Z 75E29DF1 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!realloc 75E2A509 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!calloc 75E2C590 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_msize 75E2F809 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_aligned_free 75E4C66C 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_aligned_malloc 75E4C6DA 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_aligned_offset_malloc 75E4C6F6 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 75E78E9D 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_aligned_offset_realloc 75E78EAD 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_expand 75E79022 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_heapadd 75E7ABA8 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_heapchk 75E7ABBC 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_heapset + 1 75E7ACBE 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_heapmin 75E7ACC7 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_heapused 75E7ADAD 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_heapwalk 75E7ADC0 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[2124] msvcrt.dll!_aligned_realloc 75E830BA 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!CreateWindowExW 76FB1305 5 Bytes JMP 6FCBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxParamW 76FD10B0 5 Bytes JMP 6FBE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxIndirectParamW 76FD2EF5 5 Bytes JMP 6FDB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxParamA 76FE8152 5 Bytes JMP 6FDB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxIndirectParamA 76FE847D 5 Bytes JMP 6FDB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxIndirectA 76FFD4D9 5 Bytes JMP 6FDB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxIndirectW 76FFD5D3 5 Bytes JMP 6FDB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxExA 76FFD639 5 Bytes JMP 6FDB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxExW 76FFD65D 5 Bytes JMP 6FDB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!SetWindowsHookExW 76FA87AD 5 Bytes JMP 6FCB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!CallNextHookEx 76FA8E3B 5 Bytes JMP 6FCAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!UnhookWindowsHookEx 76FA98DB 5 Bytes JMP 6FC2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!CreateWindowExW 76FB1305 5 Bytes JMP 6FCBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!DialogBoxParamW 76FD10B0 5 Bytes JMP 6FBE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!DialogBoxIndirectParamW 76FD2EF5 5 Bytes JMP 6FDB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!DialogBoxParamA 76FE8152 5 Bytes JMP 6FDB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!DialogBoxIndirectParamA 76FE847D 5 Bytes JMP 6FDB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!MessageBoxIndirectA 76FFD4D9 5 Bytes JMP 6FDB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!MessageBoxIndirectW 76FFD5D3 5 Bytes JMP 6FDB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!MessageBoxExA 76FFD639 5 Bytes JMP 6FDB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] USER32.dll!MessageBoxExW 76FFD65D 5 Bytes JMP 6FDB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] ole32.dll!OleLoadFromStream 76D91E12 5 Bytes JMP 6FDB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] ole32.dll!CoCreateInstance 76DC9EA6 5 Bytes JMP 6FCBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] WS2_32.dll!closesocket 759B330C 5 Bytes JMP 6EE5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] WS2_32.dll!recv 759B343A 5 Bytes JMP 6EE5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] WS2_32.dll!socket 759B36D1 5 Bytes JMP 6EE5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] WS2_32.dll!connect 759B40D9 5 Bytes JMP 6EE5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] WS2_32.dll!getaddrinfo 759B418A 5 Bytes JMP 6EE5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4824] WS2_32.dll!send 759B659B 5 Bytes JMP 6EE5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!SetWindowsHookExW 76FA87AD 5 Bytes JMP 6FCB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!CallNextHookEx 76FA8E3B 5 Bytes JMP 6FCAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!UnhookWindowsHookEx 76FA98DB 5 Bytes JMP 6FC2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!CreateWindowExW 76FB1305 5 Bytes JMP 6FCBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!DialogBoxParamW 76FD10B0 5 Bytes JMP 6FBE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!DialogBoxIndirectParamW 76FD2EF5 5 Bytes JMP 6FDB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!DialogBoxParamA 76FE8152 5 Bytes JMP 6FDB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!DialogBoxIndirectParamA 76FE847D 5 Bytes JMP 6FDB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!MessageBoxIndirectA 76FFD4D9 5 Bytes JMP 6FDB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!MessageBoxIndirectW 76FFD5D3 5 Bytes JMP 6FDB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!MessageBoxExA 76FFD639 5 Bytes JMP 6FDB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] USER32.dll!MessageBoxExW 76FFD65D 5 Bytes JMP 6FDB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ole32.dll!OleLoadFromStream 76D91E12 5 Bytes JMP 6FDB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ole32.dll!CoCreateInstance 76DC9EA6 5 Bytes JMP 6FCBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ws2_32.dll!closesocket 759B330C 5 Bytes JMP 6EE5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ws2_32.dll!recv 759B343A 5 Bytes JMP 6EE5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ws2_32.dll!socket 759B36D1 5 Bytes JMP 6EE5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ws2_32.dll!connect 759B40D9 5 Bytes JMP 6EE5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ws2_32.dll!getaddrinfo 759B418A 5 Bytes JMP 6EE5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5976] ws2_32.dll!send 759B659B 5 Bytes JMP 6EE5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!SetWindowsHookExW 76FA87AD 5 Bytes JMP 6FCB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!CallNextHookEx 76FA8E3B 5 Bytes JMP 6FCAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!UnhookWindowsHookEx 76FA98DB 5 Bytes JMP 6FC2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!CreateWindowExW 76FB1305 5 Bytes JMP 6FCBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!DialogBoxParamW 76FD10B0 5 Bytes JMP 6FBE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!DialogBoxIndirectParamW 76FD2EF5 5 Bytes JMP 6FDB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!DialogBoxParamA 76FE8152 5 Bytes JMP 6FDB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!DialogBoxIndirectParamA 76FE847D 5 Bytes JMP 6FDB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!MessageBoxIndirectA 76FFD4D9 5 Bytes JMP 6FDB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!MessageBoxIndirectW 76FFD5D3 5 Bytes JMP 6FDB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!MessageBoxExA 76FFD639 5 Bytes JMP 6FDB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!MessageBoxExW 76FFD65D 5 Bytes JMP 6FDB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] ole32.dll!OleLoadFromStream 76D91E12 5 Bytes JMP 6FDB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] ole32.dll!CoCreateInstance 76DC9EA6 5 Bytes JMP 6FCBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!closesocket 759B330C 5 Bytes JMP 6EE5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!recv 759B343A 5 Bytes JMP 6EE5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!socket 759B36D1 5 Bytes JMP 6EE5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!connect 759B40D9 5 Bytes JMP 6EE5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!getaddrinfo 759B418A 5 Bytes JMP 6EE5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!send 759B659B 5 Bytes JMP 6EE5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
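To make a GMER hook dump like the one above easier to review, here is an added example (not from this thread or from GMER) that parses the user-mode hook lines and groups them by the DLL that owns each hook; two sample lines are copied from the log above and the third is constructed. The regex and function name are the example's own.

```powershell
# Added example: parse GMER ".text ... JMP ..." hook lines and summarise who owns each hook.
# Sample input: two lines copied from the log above, plus one constructed line (no version info).
$sampleLog = @'
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] USER32.dll!CreateWindowExW 76FB1305 5 Bytes JMP 6FCBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!send 759B659B 5 Bytes JMP 6EE5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6012] WS2_32.dll!recv 759B343A 5 Bytes JMP 10001F00 C:\Users\Public\unknown.dll
'@

# Fields: process[pid]  module!function  original-address  length  JMP target  hooking-dll (description/vendor)
$pattern = '^\.text\s+(?<proc>.+?)\[(?<pid>\d+)\]\s+(?<mod>[^!\s]+)!(?<func>\S+)\s+(?<addr>[0-9A-F]+)\s+(?<len>\d+)\s+Bytes\s+JMP\s+(?<target>[0-9A-F]+)\s+(?<hooker>.+?)(?:\s+\((?<desc>[^/]*)/(?<vendor>[^)]*)\))?$'

function ConvertFrom-GmerHookLine {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Process   = $Matches['proc']
                ProcessId = [int]$Matches['pid']
                HookedApi = "$($Matches['mod'])!$($Matches['func'])"
                HookerDll = $Matches['hooker']
                Vendor    = if ($Matches['vendor']) { $Matches['vendor'] } else { '<no version info>' }
            }
        }
    }
}

$hooks = ConvertFrom-GmerHookLine -Lines ($sampleLog -split "`r?`n")

# A legitimate product hooks many APIs from one DLL carrying version info; a DLL with no
# version info sitting on WS2_32 send/recv in a browser is the kind of entry to look at first.
$hooks | Group-Object HookerDll | ForEach-Object {
    [pscustomobject]@{
        HookerDll = $_.Name
        Vendor    = ($_.Group | Select-Object -First 1).Vendor
        Hooks     = ($_.Group.HookedApi -join ', ')
    }
} | Format-Table -AutoSize -Wrap
```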


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 20 April 2010 - 06:20 PM

Hello, Chris Tettamanti.

Ok, you do have at least one infection, so let's run Combofix.





P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name suggests. In today's world, cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.






Trusted Zone Warning

Having trusted sites may not be a good idea. The reason I say it's not a good idea is that the security settings for the Internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking of that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove any that are there.



Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as Chris TettamantiCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Chris TettamantiCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
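The Trusted Zone check above is done through the Internet Options dialog; as an added example (not part of this thread), the same list can be pulled from the ZoneMap registry keys that back that dialog, which is handy when reviewing a machine without clicking through the GUI. The key layout is the documented IE ZoneMap layout; the function name and zone filter are this example's own.

```powershell
# Added example: list sites mapped to IE security zones by reading the ZoneMap\Domains keys
# that back Tools>>Internet Options>>Security>>Sites. Default filter: Trusted sites (zone 2).
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-IeZoneMapEntry {
    param([int[]]$ZoneId = @(2))
    $roots = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
        # The HKLM copy is the one consulted when the Security_HKLM_only policy is enabled
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        # Layout: Domains\<domain> or Domains\<domain>\<host>, with one DWORD value per
        # scheme ('http', 'https', '*', ...) whose data is the zone number.
        foreach ($key in Get-ChildItem -Path $root -Recurse) {
            $parts = ($key.Name -replace '^.*\\ZoneMap\\Domains\\', '') -split '\\'
            $site  = if ($parts.Count -ge 2) { "$($parts[1]).$($parts[0])" } else { $parts[0] }
            foreach ($scheme in $key.GetValueNames()) {
                if ($key.GetValueKind($scheme) -ne [Microsoft.Win32.RegistryValueKind]::DWord) { continue }
                $z = [int]$key.GetValue($scheme)
                if ($ZoneId -notcontains $z) { continue }
                [pscustomobject]@{
                    Hive   = $root.Substring(0, 4)
                    Site   = $site
                    Scheme = $scheme
                    Zone   = $zoneNames[$z]
                    Key    = $key.Name
                }
            }
        }
    }
}

# Review the Trusted zone; an empty result means no site is trusted beyond the defaults.
# IP ranges stored under ZoneMap\Ranges are not covered by this function.
Get-IeZoneMapEntry | Sort-Object Site | Format-Table -AutoSize
```

Anything listed here that you did not add yourself is what the post above says to remove via Tools>>Internet Options>>Security>>Trusted Zone>>Sites.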


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 24 April 2010 - 06:53 AM

Hi, still there?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 Chris Tettamanti

Chris Tettamanti
  • Topic Starter

  • Members
  • 42 posts

Posted 26 April 2010 - 05:28 PM

Please close this issue. I reformatted and reinstalled Windows.



#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 27 April 2010 - 06:19 PM

OK, will do. Thanks for letting us know!

Since this issue appears to be resolved ... this Topic has been closed.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators




