Google search redirects to completely random pages


This topic is locked
67 replies to this topic

#1 CarolynA

CarolynA

  • Members
  • 39 posts

Posted 13 May 2010 - 07:44 PM

Pasting in additional information from another post. ~ OB

My Google search result links sometimes redirect to completely random pages. I ran Malwarebytes and Combofix, but Rootkit.Agent keeps coming back.

End of added information. ~ OB

My Google search result links sometimes redirect to completely random pages. I ran Malwarebytes and other Anti Spyware programs.

DDS (Ver_10-03-17.01) - NTFSx86
Run by 8400 at 19:22:05.10 on Thu 05/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.522 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\8400\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Settings,ProxyOverride = <local>
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
Trusted Zone: plaxo.com\www
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273368429562
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273368423343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]

=============== Created Last 30 ================

2010-05-13 23:19:00 0 ----a-w- c:\documents and settings\8400\defogger_reenable
2010-05-13 00:09:49 0 d-sha-r- C:\cmdcons
2010-05-13 00:06:35 98816 ----a-w- c:\windows\sed.exe
2010-05-13 00:06:35 77312 ----a-w- c:\windows\MBR.exe
2010-05-13 00:06:35 256512 ----a-w- c:\windows\PEV.exe
2010-05-13 00:06:35 161792 ----a-w- c:\windows\SWREG.exe
2010-05-13 00:06:14 0 d-----w- C:\ComboFix
2010-05-12 23:00:03 236 ----a-w- c:\windows\system32\.crusader
2010-05-12 22:58:09 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-12 22:58:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-05-12 22:57:59 0 d-----w- c:\program files\Hitman Pro 3.5
2010-05-11 21:43:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-05-10 11:27:17 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-10 11:27:16 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-09 03:58:38 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-05-09 03:58:37 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-05-09 03:56:31 0 d-----w- c:\program files\Spyware Doctor
2010-05-09 03:18:57 0 d-----w- c:\program files\Trend Micro
2010-05-09 01:27:34 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-05-07 02:24:50 0 d-----w- c:\docume~1\8400\applic~1\Malwarebytes
2010-05-07 02:24:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 02:24:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 02:24:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 02:24:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-07 00:39:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-07 00:01:58 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-07 00:01:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-06 23:37:11 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-05-06 23:37:10 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-05-06 23:37:08 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2010-05-06 23:37:04 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-05-06 23:37:03 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2010-05-06 23:34:19 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-05-06 23:34:19 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-05-06 23:34:17 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-05-06 17:51:44 0 d-----w- c:\program files\Lavasoft
2010-05-06 13:02:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-06 10:21:42 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MSWFQYE

==================== Find3M ====================

2010-05-13 20:49:22 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-11 04:24:27 88314 ----a-w- c:\windows\hpoins06.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-08-23 17:24:01 24138392 -c--a-w- c:\program files\DivXBundle.exe
2007-08-23 16:32:01 9679815 -c--a-w- c:\program files\vlc-0.8.6c-win32.exe
2007-08-23 11:15:10 6274206 -c--a-w- c:\program files\BitTorrent-5.0.8.exe
2008-08-11 01:10:24 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081020080811\index.dat

============= FINISH: 19:22:27.76 ===============



Edited by CarolynA, 13 May 2010 - 07:58 PM.
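A small triage helper for DDS-style logs like the one in this post, added by the editor; it is not part of the thread, of DDS, or of any tool the helpers use. It walks the "Pseudo HJT Report" and "Created Last 30" sections and pulls out the lines a helper typically looks at first: toolbar/explorer-bar registrations with no backing file, sites added to the IE Trusted Zone, hidden+system objects outside a small allow-list, and dot-prefixed files in system32. The attribute-column meanings (d, c, s, h, a, r) and the allow-list are assumptions noted in the comments, and the sample log is constructed for the example, modelled on the entries above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the "Pseudo HJT Report" and
# "Created Last 30" sections of a DDS log. Not a real log.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.example.test/start
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
Trusted Zone: example.test\www

=============== Created Last 30 ================

2010-05-13 00:09:49 0 d-sha-r- C:\cmdcons
2010-05-12 23:00:03 236 ----a-w- c:\windows\system32\.crusader
2010-05-07 02:24:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 10:21:42 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MSWFQYE
"""

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
NO_FILE_RE = re.compile(r"^(TB|EB): \{[0-9A-Fa-f-]+\} - No File$")
# Heuristic for machine-generated folder names: a run of 6+ capital letters.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{6,}$")

# Objects expected to be hidden+system on an XP box where the Recovery
# Console has been installed (assumption: illustrative allow-list only).
KNOWN_HIDDEN = {r"c:\cmdcons"}


@dataclass
class Finding:
    severity: str  # "review" = look at it, "info" = context only
    reason: str
    line: str


def parse_entry(line: str) -> Optional[dict]:
    """Split a 'Created Last 30' line into fields, or None if it is not one.

    Assumed DDS attribute columns: d=directory, c=compressed, s=system,
    h=hidden, a=archive, r=read-only (positions 0..5)."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    attrs = m.group("attrs")
    return {
        "path": m.group("path"),
        "size": int(m.group("size")),
        "is_dir": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
    }


def triage(log_text: str) -> List[Finding]:
    """Walk a DDS-style log and return the lines worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section banner
        if NO_FILE_RE.match(line):
            findings.append(Finding("review", "toolbar/explorer-bar registration with no file on disk", line))
            continue
        if line.startswith("Trusted Zone:"):
            findings.append(Finding("info", "site in IE Trusted Zone (relaxed security settings)", line))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        path = entry["path"]
        name = path.rsplit("\\", 1)[-1]
        if entry["hidden"] and entry["system"] and path.lower() not in KNOWN_HIDDEN:
            reason = "hidden+system object outside the allow-list"
            if RANDOM_NAME_RE.match(name):
                reason += ", random-looking name"
            findings.append(Finding("review", reason, line))
        elif name.startswith(".") and "\\system32\\" in path.lower():
            findings.append(Finding("review", "dot-prefixed file in system32", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, for a one-line header in a reply."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(summarize(results))
    for f in results:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the constructed sample it reports four "review" items (the two orphaned TB/EB entries, the dot-file in system32, and the hidden+system folder with the random-looking name) and one "info" item (the Trusted Zone site), while the allow-listed C:\cmdcons is ignored. The heuristics are deliberately narrow; they surface candidates for a human to check, not verdicts.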




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 15 May 2010 - 10:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 CarolynA

CarolynA
  • Topic Starter

  • Members
  • 39 posts

Posted 15 May 2010 - 06:24 PM

My computer is operational, but I'm still having a problem with Google search: it redirects to random pages. Attached are the two additional reports as requested.
Thanks




OTL logfile created on: 5/15/2010 7:16:13 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\8400\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 691.00 Mb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.12 Gb Free Space | 91.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 8400DELL
Current User Name: 8400
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/15 19:12:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
PRC - [2009/01/27 18:11:47 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/15 19:12:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/05/11 17:31:48 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/22 11:58:14 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/29 19:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKU\S-1-5-21-220523388-343818398-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-343818398-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/05/11 11:36:14 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/05/12 20:18:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1273368429562 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1273368423343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\8400\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\8400\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/23 15:24:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk - C:\QUICKENW\BILLMIND.EXE - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE - (Intuit)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: HitmanPro35 - hkey= - key= - C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Microsoft Works Portfolio - hkey= - key= - C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: P17Helper - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: WorksFUD - hkey= - key= - C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/02/23 15:24:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 19:12:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
[2010/05/14 09:42:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\8400\Recent
[2010/05/13 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Desktop\Carolyn
[2010/05/13 20:13:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/13 06:24:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/12 20:09:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/12 20:06:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/12 20:06:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/12 20:06:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/12 20:06:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/12 20:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/12 20:01:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/12 18:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/12 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/12 18:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/12 18:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/12 18:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/12 18:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/12 06:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Local Settings\Application Data\vbrvumesx
[2010/05/11 17:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/11 17:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Local Settings\Application Data\icbeesvfs
[2010/05/11 17:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/05/10 07:27:17 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/05/10 07:27:16 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/05/10 05:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Local Settings\Application Data\yjxcfrihc
[2010/05/08 23:58:37 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/05/08 23:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/08 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/08 21:27:34 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/05/06 22:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Application Data\Malwarebytes
[2010/05/06 22:24:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 22:24:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 22:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 22:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/06 21:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Local Settings\Application Data\Threat Expert
[2010/05/06 21:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/06 20:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/06 20:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/06 19:37:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/05/06 19:37:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/05/06 19:37:08 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/05/06 19:37:04 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/05/06 19:37:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/05/06 19:34:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/05/06 19:34:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/05/06 19:34:17 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2010/05/06 13:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/06 09:02:17 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/06 06:21:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSWFQYE
[2010/04/19 07:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/04/19 07:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Local Settings\Application Data\NOS
[2010/04/19 07:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2007/02/23 16:50:53 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/08/25 11:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/15 19:12:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
[2010/05/15 19:09:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 19:09:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/15 19:09:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/15 19:09:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/15 16:59:30 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\8400\ntuser.dat
[2010/05/15 16:59:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\8400\ntuser.ini
[2010/05/15 10:34:56 | 003,764,184 | -H-- | M] () -- C:\Documents and Settings\8400\Local Settings\Application Data\IconCache.db
[2010/05/15 10:21:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/15 06:15:42 | 000,000,931 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/05/13 19:19:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\8400\defogger_reenable
[2010/05/12 20:19:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/12 20:18:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/12 20:09:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/12 20:01:22 | 003,686,869 | R--- | M] () -- C:\Documents and Settings\8400\Desktop\ComboFix.exe
[2010/05/12 19:31:48 | 000,000,601 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/12 19:31:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/12 19:07:34 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/12 19:06:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/05/08 23:18:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\8400\Desktop\HijackThis.lnk
[2010/05/08 21:56:06 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/08 21:56:06 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/08 21:56:06 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/08 21:54:41 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/07 09:57:01 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/05/06 22:51:39 | 000,041,872 | ---- | M] () -- C:\Documents and Settings\8400\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/06 22:24:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:39:46 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 09:02:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/06 06:23:57 | 000,002,752 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203055.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031617.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031616.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031615.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031614.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031613.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031611.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235241.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235240.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235239.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235238.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235236.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235234.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235229.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235037.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235036.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235035.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235034.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235033.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235032.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235031.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235030.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235029.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235025.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220548.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220547.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220546.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220545.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220544.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220543.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220542.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212336.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212335.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212334.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212333.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212332.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212331.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210922.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210921.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210920.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210919.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210918.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210917.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210916.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210913.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203106.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203104.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203103.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203102.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203101.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203100.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203059.backup
[2010/05/02 20:31:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\8400\My Documents\~$Label3.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/13 19:19:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\8400\defogger_reenable
[2010/05/12 20:09:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/12 20:09:52 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/12 20:06:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/12 20:06:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/12 20:06:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/12 20:06:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/12 20:06:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/12 20:02:36 | 003,686,869 | R--- | C] () -- C:\Documents and Settings\8400\Desktop\ComboFix.exe
[2010/05/12 19:00:03 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/05/12 18:58:09 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/08 23:58:38 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/05/08 23:18:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\8400\Desktop\HijackThis.lnk
[2010/05/06 22:24:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:39:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/02 20:31:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\8400\My Documents\~$Label3.doc
[2010/03/11 00:03:33 | 000,001,287 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/03/01 16:43:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/27 13:55:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/02/27 13:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/02/27 13:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/02/27 11:54:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/02/27 11:54:31 | 000,000,931 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/23 22:43:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/23 22:43:00 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/02/23 18:19:00 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/23 17:04:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/23 16:51:43 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/02/23 16:50:54 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2007/02/23 16:50:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/02/23 16:50:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/02/23 16:50:51 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/02/23 16:50:18 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/02/23 16:40:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/04/04 20:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 16:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/02/23 10:16:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/23 10:16:14 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/23 10:16:14 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/12 19:07:34 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/06 09:02:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 5/15/2010 7:16:13 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\8400\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 691.00 Mb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.12 Gb Free Space | 91.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 8400DELL
Current User Name: 8400
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe:*:Disabled:HP Instant Share Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}" = Comcast Universal Caller ID
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Universal Caller ID
"DVD Flick_is1" = DVD Flick
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Quicken 2001 Basic" = Quicken 2001 Basic
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2010 1:47:33 PM | Computer Name = 8400DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/17/2010 1:47:36 PM | Computer Name = 8400DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/31/2010 8:34:30 AM | Computer Name = 8400DELL | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.2.0.155, faulting module
skype.exe, version 4.2.0.155, fault address 0x007e4f62.

Error - 4/12/2010 9:46:33 AM | Computer Name = 8400DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2010 9:01:27 AM | Computer Name = 8400DELL | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/6/2010 1:33:06 PM | Computer Name = 8400DELL | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/6/2010 1:52:07 PM | Computer Name = 8400DELL | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/8/2010 9:57:32 PM | Computer Name = 8400DELL | Source = pctsSvc.exe | ID = 0
Description =

Error - 5/9/2010 12:06:33 AM | Computer Name = 8400DELL | Source = pctsSvc.exe | ID = 0
Description =

Error - 5/12/2010 6:44:33 PM | Computer Name = 8400DELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000d69c0.

[ System Events ]
Error - 5/13/2010 9:32:44 PM | Computer Name = 8400DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/13/2010 9:32:52 PM | Computer Name = 8400DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/13/2010 9:33:53 PM | Computer Name = 8400DELL | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 5/13/2010 9:33:53 PM | Computer Name = 8400DELL | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/13/2010 9:33:53 PM | Computer Name = 8400DELL | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 5/13/2010 9:33:53 PM | Computer Name = 8400DELL | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/13/2010 9:33:53 PM | Computer Name = 8400DELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip

Error - 5/13/2010 9:38:44 PM | Computer Name = 8400DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/13/2010 9:53:48 PM | Computer Name = 8400DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/13/2010 10:25:40 PM | Computer Name = 8400DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


#4 myrti

Malware Study Hall Admin, 33,771 posts

Posted 15 May 2010 - 06:37 PM

Hi,

Could you please run a fresh copy of ComboFix:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Do you have a windows CD close by?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 CarolynA (Topic Starter)

Posted 15 May 2010 - 07:00 PM
Posted 15 May 2010 - 07:00 PM

I have the original Windows XP that came with the computer.

Here's the latest ComboFix log...


ComboFix 10-05-15.01 - 8400 05/15/2010 19:51:35.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.711 [GMT -4:00]
Running from: c:\documents and settings\8400\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\feed.txt

.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-12 22:58 . 2010-05-12 23:07 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-12 22:58 . 2010-05-12 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-12 22:57 . 2010-05-12 22:57 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-12 10:39 . 2010-05-12 11:49 -------- d-----w- c:\documents and settings\8400\Local Settings\Application Data\vbrvumesx
2010-05-11 21:43 . 2010-05-11 23:31 -------- d-----w- c:\documents and settings\8400\Local Settings\Application Data\icbeesvfs
2010-05-11 21:43 . 2010-05-11 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-05-11 15:36 . 2010-05-11 15:36 315254 ----a-w- c:\documents and settings\All Users\Application Data\Update\seupd.exe
2010-05-10 11:27 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-10 09:22 . 2010-05-10 10:59 -------- d-----w- c:\documents and settings\8400\Local Settings\Application Data\yjxcfrihc
2010-05-09 03:56 . 2010-05-09 04:07 -------- d-----w- c:\program files\Spyware Doctor
2010-05-09 03:18 . 2010-05-09 03:18 -------- d-----w- c:\program files\Trend Micro
2010-05-07 02:24 . 2010-05-07 02:24 -------- d-----w- c:\documents and settings\8400\Application Data\Malwarebytes
2010-05-07 02:24 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 02:24 . 2010-05-07 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 02:24 . 2010-05-07 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 02:24 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 01:50 . 2010-05-07 01:50 -------- d-----w- c:\documents and settings\8400\Local Settings\Application Data\Threat Expert
2010-05-07 01:41 . 2010-05-09 04:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-07 00:39 . 2010-05-07 00:39 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-07 00:01 . 2010-05-12 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-07 00:01 . 2010-05-12 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-06 23:37 . 2008-04-13 18:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-05-06 23:37 . 2008-04-13 18:36 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2010-05-06 23:37 . 2008-04-13 18:46 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-05-06 23:37 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2010-05-06 23:34 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-05-06 23:34 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-05-06 23:34 . 2008-04-13 18:46 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-05-06 17:51 . 2010-05-07 00:08 -------- d-----w- c:\program files\Lavasoft
2010-05-06 13:02 . 2010-05-06 13:02 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-06 10:21 . 2010-05-06 10:21 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSWFQYE
2010-04-19 11:25 . 2010-04-19 11:25 -------- d-----w- c:\documents and settings\8400\Local Settings\Application Data\NOS
2010-04-19 11:25 . 2010-04-19 11:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-19 11:25 . 2010-04-19 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 23:49 . 2007-02-23 22:44 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-15 14:27 . 2007-02-23 22:10 -------- d-----w- c:\documents and settings\8400\Application Data\Skype
2010-05-15 14:21 . 2009-07-31 14:16 -------- d-----w- c:\documents and settings\8400\Application Data\skypePM
2010-05-12 00:31 . 2007-04-25 15:53 -------- d-----w- c:\program files\Google
2010-05-07 02:51 . 2007-02-23 22:44 41872 -c--a-w- c:\documents and settings\8400\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 02:10 . 2008-08-14 10:08 -------- d-----w- c:\program files\CCleaner
2010-05-07 00:08 . 2008-01-28 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-05 22:05 . 2010-04-05 22:05 -------- d-----w- c:\documents and settings\8400\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
2010-04-05 22:05 . 2010-04-05 22:05 -------- d-----w- c:\program files\Comcast Universal Caller ID
2010-04-05 22:04 . 2010-04-05 22:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-27 13:10 . 2010-03-27 13:10 -------- d-----w- c:\program files\Common Files\Skype
2010-03-11 04:24 . 2010-03-11 03:59 88314 ----a-w- c:\windows\hpoins06.dat
2010-03-10 06:15 . 2003-07-16 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 02:25 . 2010-02-25 02:25 4389080 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-24 13:11 . 2003-07-16 20:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2003-07-16 20:39 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-08-23 17:24 . 2007-08-23 17:23 24138392 -c--a-w- c:\program files\DivXBundle.exe
2007-08-23 16:32 . 2007-08-23 16:31 9679815 -c--a-w- c:\program files\vlc-0.8.6c-win32.exe
2007-08-23 11:15 . 2007-08-23 11:14 6274206 -c--a-w- c:\program files\BitTorrent-5.0.8.exe
.

------- Sigcheck -------

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . AC8E0371033D53F90D54D967F10039A6 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-13_00.19.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 23:49 . 2010-05-15 23:49 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 73216 c:\windows\Downloaded Program Files\tscan1.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 97792 c:\windows\Downloaded Program Files\scrauth.dat
+ 2010-02-10 11:22 . 2010-02-10 11:22 42112 c:\windows\Downloaded Program Files\ecmldr32.dll
+ 2010-05-13 22:59 . 2010-05-13 22:59 2072 c:\windows\Downloaded Program Files\vscanmsx.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 3852 c:\windows\Downloaded Program Files\tscan1hd.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1957 c:\windows\Downloaded Program Files\tinfl.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 2504 c:\windows\Downloaded Program Files\catalog.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 397212 c:\windows\Downloaded Program Files\virscan6.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 320315 c:\windows\Downloaded Program Files\virscan4.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 155864 c:\windows\Downloaded Program Files\virscan3.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 573408 c:\windows\Downloaded Program Files\virscan2.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 582583 c:\windows\Downloaded Program Files\tcscan9.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 196762 c:\windows\Downloaded Program Files\tcscan8.dat
+ 2010-02-10 11:24 . 2010-02-10 11:24 284048 c:\windows\Downloaded Program Files\rufsi.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 177520 c:\windows\Downloaded Program Files\naveng32.dll
+ 2010-02-10 11:22 . 2010-02-10 11:22 201896 c:\windows\Downloaded Program Files\navapi32.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 275824 c:\windows\Downloaded Program Files\ecmsvr32.dll
+ 2010-02-10 11:24 . 2010-02-10 11:24 264080 c:\windows\Downloaded Program Files\avsniffdlgs.dll
+ 2010-02-10 11:24 . 2010-02-10 11:24 337808 c:\windows\Downloaded Program Files\avsniff.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 4910602 c:\windows\Downloaded Program Files\virscan9.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1134174 c:\windows\Downloaded Program Files\virscan8.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1035557 c:\windows\Downloaded Program Files\virscan1.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 3565312 c:\windows\Downloaded Program Files\tcdefs.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1697136 c:\windows\Downloaded Program Files\navex32a.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 65586307 c:\windows\Downloaded Program Files\virscan7.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 15674755 c:\windows\Downloaded Program Files\virscan5.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 20137234 c:\windows\Downloaded Program Files\tcscan7.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 16:52 339968 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43 57344 -c--a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04 122933 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 14:36 256576 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 -c--a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 15:38 64512 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 23:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-27 22:11 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 -c----w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 -c--a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqiscfg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 11:28 AM 204800]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
Trusted Zone: plaxo.com\www
Trusted Zone: turbotax.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-15 19:57:18
ComboFix-quarantined-files.txt 2010-05-15 23:57
ComboFix2.txt 2010-05-13 00:21

Pre-Run: 228,826,497,024 bytes free
Post-Run: 228,835,123,200 bytes free

- - End Of File - - BA8D8B66DEEDAA2A77D67DAFAD46A4BE


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 15 May 2010 - 07:11 PM

Hi,

please run the following script:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
FCopy::
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\user32.dll

Folder::
c:\documents and settings\8400\Local Settings\Application Data\vbrvumesx
c:\documents and settings\8400\Local Settings\Application Data\icbeesvfs
c:\documents and settings\All Users\Application Data\Update
c:\documents and settings\8400\Local Settings\Application Data\yjxcfrihc
c:\documents and settings\All Users\Application Data\MSWFQYE


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

let me know what changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 CarolynA

CarolynA
  • Topic Starter

  • Members
  • 39 posts
  • Local time:03:41 AM

Posted 15 May 2010 - 07:25 PM


Google search still redirecting to random pages. Here's the latest log...

ComboFix 10-05-15.01 - 8400 05/15/2010 20:16:42.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.688 [GMT -4:00]
Running from: c:\documents and settings\8400\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\8400\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\8400\Local Settings\Application Data\icbeesvfs
c:\documents and settings\8400\Local Settings\Application Data\vbrvumesx
c:\documents and settings\8400\Local Settings\Application Data\yjxcfrihc
c:\documents and settings\All Users\Application Data\MSWFQYE
c:\documents and settings\All Users\Application Data\MSWFQYE\MSZZMFRE.cfg
c:\documents and settings\All Users\Application Data\Update
c:\documents and settings\All Users\Application Data\Update\seupd.exe
C:\feed.txt

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-16 00:15 . 2010-05-16 00:15 -------- d-----w- C:\32788R22FWJFW
2010-05-12 22:58 . 2010-05-12 23:07 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-12 22:58 . 2010-05-12 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-12 22:57 . 2010-05-12 22:57 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-10 11:27 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-09 03:56 . 2010-05-09 04:07 -------- d-----w- c:\program files\Spyware Doctor
2010-05-09 03:18 . 2010-05-09 03:18 -------- d-----w- c:\program files\Trend Micro
2010-05-07 02:24 . 2010-05-07 02:24 -------- d-----w- c:\documents and settings\8400\Application Data\Malwarebytes
2010-05-07 02:24 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 02:24 . 2010-05-07 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 02:24 . 2010-05-07 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 02:24 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 01:50 . 2010-05-07 01:50 -------- d-----w- c:\documents and settings\8400\Local Settings\Application Data\Threat Expert
2010-05-07 01:41 . 2010-05-09 04:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-07 00:39 . 2010-05-07 00:39 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-07 00:01 . 2010-05-12 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-07 00:01 . 2010-05-12 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-06 23:37 . 2008-04-13 18:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-05-06 23:37 . 2008-04-13 18:36 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2010-05-06 23:37 . 2008-04-13 18:46 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-05-06 23:37 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2010-05-06 23:34 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2010-05-06 23:34 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-05-06 23:34 . 2008-04-13 18:46 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-05-06 17:51 . 2010-05-07 00:08 -------- d-----w- c:\program files\Lavasoft
2010-05-06 13:02 . 2010-05-06 13:02 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-19 11:25 . 2010-04-19 11:25 -------- d-----w- c:\documents and settings\8400\Local Settings\Application Data\NOS
2010-04-19 11:25 . 2010-04-19 11:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-19 11:25 . 2010-04-19 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 23:49 . 2007-02-23 22:44 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-15 14:27 . 2007-02-23 22:10 -------- d-----w- c:\documents and settings\8400\Application Data\Skype
2010-05-15 14:21 . 2009-07-31 14:16 -------- d-----w- c:\documents and settings\8400\Application Data\skypePM
2010-05-12 00:31 . 2007-04-25 15:53 -------- d-----w- c:\program files\Google
2010-05-07 02:51 . 2007-02-23 22:44 41872 -c--a-w- c:\documents and settings\8400\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 02:10 . 2008-08-14 10:08 -------- d-----w- c:\program files\CCleaner
2010-05-07 00:08 . 2008-01-28 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-05 22:05 . 2010-04-05 22:05 -------- d-----w- c:\documents and settings\8400\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
2010-04-05 22:05 . 2010-04-05 22:05 -------- d-----w- c:\program files\Comcast Universal Caller ID
2010-04-05 22:04 . 2010-04-05 22:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-27 13:10 . 2010-03-27 13:10 -------- d-----w- c:\program files\Common Files\Skype
2010-03-11 04:24 . 2010-03-11 03:59 88314 ----a-w- c:\windows\hpoins06.dat
2010-03-10 06:15 . 2003-07-16 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 02:25 . 2010-02-25 02:25 4389080 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-24 13:11 . 2003-07-16 20:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2003-07-16 20:39 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-08-23 17:24 . 2007-08-23 17:23 24138392 -c--a-w- c:\program files\DivXBundle.exe
2007-08-23 16:32 . 2007-08-23 16:31 9679815 -c--a-w- c:\program files\vlc-0.8.6c-win32.exe
2007-08-23 11:15 . 2007-08-23 11:14 6274206 -c--a-w- c:\program files\BitTorrent-5.0.8.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-13_00.19.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 23:49 . 2010-05-15 23:49 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 73216 c:\windows\Downloaded Program Files\tscan1.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 97792 c:\windows\Downloaded Program Files\scrauth.dat
+ 2010-02-10 11:22 . 2010-02-10 11:22 42112 c:\windows\Downloaded Program Files\ecmldr32.dll
+ 2010-05-13 22:59 . 2010-05-13 22:59 2072 c:\windows\Downloaded Program Files\vscanmsx.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 3852 c:\windows\Downloaded Program Files\tscan1hd.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1957 c:\windows\Downloaded Program Files\tinfl.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 2504 c:\windows\Downloaded Program Files\catalog.dat
+ 2003-07-16 20:49 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\user32.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 397212 c:\windows\Downloaded Program Files\virscan6.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 320315 c:\windows\Downloaded Program Files\virscan4.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 155864 c:\windows\Downloaded Program Files\virscan3.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 573408 c:\windows\Downloaded Program Files\virscan2.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 582583 c:\windows\Downloaded Program Files\tcscan9.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 196762 c:\windows\Downloaded Program Files\tcscan8.dat
+ 2010-02-10 11:24 . 2010-02-10 11:24 284048 c:\windows\Downloaded Program Files\rufsi.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 177520 c:\windows\Downloaded Program Files\naveng32.dll
+ 2010-02-10 11:22 . 2010-02-10 11:22 201896 c:\windows\Downloaded Program Files\navapi32.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 275824 c:\windows\Downloaded Program Files\ecmsvr32.dll
+ 2010-02-10 11:24 . 2010-02-10 11:24 264080 c:\windows\Downloaded Program Files\avsniffdlgs.dll
+ 2010-02-10 11:24 . 2010-02-10 11:24 337808 c:\windows\Downloaded Program Files\avsniff.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 4910602 c:\windows\Downloaded Program Files\virscan9.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1134174 c:\windows\Downloaded Program Files\virscan8.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1035557 c:\windows\Downloaded Program Files\virscan1.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 3565312 c:\windows\Downloaded Program Files\tcdefs.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 1697136 c:\windows\Downloaded Program Files\navex32a.dll
+ 2010-05-12 05:00 . 2010-05-12 05:00 65586307 c:\windows\Downloaded Program Files\virscan7.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 15674755 c:\windows\Downloaded Program Files\virscan5.dat
+ 2010-05-12 05:00 . 2010-05-12 05:00 20137234 c:\windows\Downloaded Program Files\tcscan7.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 16:52 339968 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 15:43 57344 -c--a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04 122933 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 16:43 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 14:36 256576 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 -c--a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 15:38 64512 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 23:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-27 22:11 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 -c----w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 -c--a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqiscfg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 11:28 AM 204800]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
Trusted Zone: plaxo.com\www
Trusted Zone: turbotax.com
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-05-15 20:20:06
ComboFix-quarantined-files.txt 2010-05-16 00:20
ComboFix2.txt 2010-05-15 23:57
ComboFix3.txt 2010-05-13 00:21

Pre-Run: 228,841,467,904 bytes free
Post-Run: 228,828,184,576 bytes free

- - End Of File - - DE30D204A108239A9EEEAFAEAE98DB38
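The "Reg Loading Points" block in the ComboFix logs above records Security Center overrides and an "EnableFirewall"= 0 entry for the standard profile, which means host defenses were switched off on this machine. The following is an added example, not ComboFix's or the forum's own code: a small parser for that REGEDIT4-style layout that pulls out the numeric values and reports the weakened settings a responder would want to restore after cleanup. The sample fragment is constructed to mirror the layout of the posted log; the key suffixes in WEAK_SETTINGS are matched by suffix, so the "~" abbreviation ComboFix uses in registry paths does not need expanding.

```python
import re

# Constructed fragment in the ComboFix "Reg Loading Points" layout (not copied from a real host).
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')


def parse_value(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; leave strings as they are."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw


def parse_fragment(text):
    """Map (lower-cased key path, lower-cased value name) -> parsed value."""
    entries = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        s = SECTION_RE.match(line)
        if s:
            key = s["key"].lower()
            continue
        v = VALUE_RE.match(line)
        if v and key:
            entries[(key, v["name"].lower())] = parse_value(v["raw"])
    return entries


# (key path suffix, value name, value that weakens the host, finding text)
WEAK_SETTINGS = [
    ("microsoft\\security center", "antivirusoverride", 1,
     "Security Center antivirus status alerts overridden"),
    ("security center\\monitoring", "disablemonitoring", 1,
     "Security Center monitoring disabled"),
    ("firewallpolicy\\standardprofile", "enablefirewall", 0,
     "Windows Firewall disabled for the standard profile"),
]


def weakened_settings(entries):
    """Return the findings whose key suffix, value name and weak value all match."""
    findings = []
    for (key, name), value in entries.items():
        for suffix, wname, weak, text in WEAK_SETTINGS:
            if name == wname and key.endswith(suffix) and value == weak:
                findings.append(text)
    return findings


if __name__ == "__main__":
    for finding in weakened_settings(parse_fragment(SAMPLE)):
        print("WEAKENED:", finding)
```

Run against the constructed fragment, the three Security Center and firewall findings are reported and the Run entry is left alone; point it at a saved ComboFix log to get the same summary for a real host.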


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 17 May 2010 - 05:27 AM

Hi,
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    ipconfig /flushdns
  • let me know if the redirects stop.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 CarolynA

CarolynA
  • Topic Starter

  • Members
  • 39 posts
  • Local time:03:41 AM

Posted 17 May 2010 - 12:28 PM

Hi Myrti!

The Google pages are still redirecting to random sites.
I copied & pasted my command results...


Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\8400>ipconfig/flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\8400>

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 17 May 2010 - 05:12 PM

Hi,

please try running Kateskiller:
  • Please download kateskiller.zip onto your Desktop.
  • Extract kateskiller.exe onto your desktop
  • Go to your Start menu and click on run...
  • Into the window type:

    "%userprofile%\Desktop\kateskiller.exe" -l "%userprofile%\Desktop\kates.log" -y
    Note: all l are small L, there's no capitalized i in the command.

  • A black window will open. Once the scan is finished it will display Press any key to continue. Please do so.
  • A log called kates.log should be created on your Desktop, open it and post the content of it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 CarolynA

CarolynA
  • Topic Starter

  • Members
  • 39 posts
  • Local time:03:41 AM

Posted 17 May 2010 - 06:06 PM

Hey Myrti-

Google search still redirecting to random pages. Attached below is the Kateskiller log.
Thanks again-


18:59:48:234 1716 scanning threads ...
18:59:48:921 1716
18:59:48:921 1716 scanning modules...
18:59:49:000 1716
18:59:49:000 1716 scanning registry ...
18:59:49:000 1716
18:59:49:000 1716
completed
18:59:49:000 1716 Infected threads: 0
18:59:49:000 1716 Spliced functions: 0
18:59:49:000 1716 Deleted files: 0
18:59:49:000 1716 Fixed registry keys: 0


#12 CarolynA

CarolynA
  • Topic Starter

  • Members
  • 39 posts
  • Local time:03:41 AM

Posted 17 May 2010 - 06:10 PM

Hi again-
I ran kateskiller again. Here's the log...


19:07:07:156 3232 scanning threads ...
19:07:07:906 3232
19:07:07:906 3232 scanning modules...
19:07:07:968 3232 Spliced function send fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function recv fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function WSASend fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function WSARecv fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function send fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232 Spliced function recv fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232 Spliced function WSASend fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232 Spliced function WSARecv fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232
19:07:07:984 3232 scanning registry ...
19:07:07:984 3232
19:07:07:984 3232
completed
19:07:07:984 3232 Infected threads: 0
19:07:07:984 3232 Spliced functions: 8
19:07:07:984 3232 Deleted files: 0
19:07:07:984 3232 Fixed registry keys: 0
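The second Kateskiller log above reports eight "Spliced function ... fixed" lines, all on the Winsock exports send, recv, WSASend and WSARecv in ws2_32.dll of two processes. Those are the calls that carry browser traffic, so inline hooks on all four together in one process are a strong sign of traffic tampering of the kind that produces search redirects. The following is an added example, not Kateskiller's or the forum's own code: a parser for that log format that groups the hooks per PID and module, flags processes with the full set of network I/O exports hooked, and cross-checks the "Spliced functions" counter against the lines seen. The sample log is constructed in the same layout as the posted one; the PIDs and timestamps are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Kateskiller log posted above (values are illustrative).
SAMPLE_LOG = """\
19:07:07:156 3232 scanning threads ...
19:07:07:906 3232
19:07:07:906 3232 scanning modules...
19:07:07:968 3232 Spliced function send fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function recv fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function WSASend fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function WSARecv fixed in ws2_32.dll module of process with PID 3136
19:07:07:984 3232 Spliced function send fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232 Spliced function recv fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232 Spliced function WSASend fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232 Spliced function WSARecv fixed in ws2_32.dll module of process with PID 4080
19:07:07:984 3232
19:07:07:984 3232 scanning registry ...
19:07:07:984 3232
completed
19:07:07:984 3232 Infected threads: 0
19:07:07:984 3232 Spliced functions: 8
19:07:07:984 3232 Deleted files: 0
19:07:07:984 3232 Fixed registry keys: 0
"""

SPLICE_RE = re.compile(
    r"Spliced function (?P<func>\S+) fixed in (?P<module>\S+) module of process with PID (?P<pid>\d+)"
)
SUMMARY_RE = re.compile(
    r"^(?P<key>Infected threads|Spliced functions|Deleted files|Fixed registry keys): (?P<n>\d+)$"
)

# Winsock exports that carry application traffic; all four hooked together is the signal we flag.
NETWORK_IO = {"send", "recv", "WSASend", "WSARecv"}


def parse_log(text):
    """Return ({pid: {module: set(funcs)}}, {summary key: count})."""
    hooks = defaultdict(dict)
    summary = {}
    for line in text.splitlines():
        m = SPLICE_RE.search(line)
        if m:
            hooks[int(m["pid"])].setdefault(m["module"].lower(), set()).add(m["func"])
            continue
        # Drop the timestamp and the scanner's own PID before matching the summary counters.
        body = line.split(" ", 2)[2] if line.count(" ") >= 2 else line
        s = SUMMARY_RE.match(body)
        if s:
            summary[s["key"]] = int(s["n"])
    return dict(hooks), summary


def suspicious_pids(hooks):
    """PIDs whose ws2_32.dll had every network I/O export in NETWORK_IO spliced."""
    return sorted(pid for pid, mods in hooks.items()
                  if NETWORK_IO <= mods.get("ws2_32.dll", set()))


def consistency_check(hooks, summary):
    """The 'Spliced functions' counter should equal the number of splice lines parsed."""
    seen = sum(len(funcs) for mods in hooks.values() for funcs in mods.values())
    return seen == summary.get("Spliced functions", 0)


if __name__ == "__main__":
    hooks, summary = parse_log(SAMPLE_LOG)
    for pid in suspicious_pids(hooks):
        print(f"PID {pid}: network I/O hooked in ws2_32.dll -> {sorted(hooks[pid]['ws2_32.dll'])}")
    print("counter matches lines:", consistency_check(hooks, summary))
```

The per-PID grouping is what makes the log actionable: the flagged PIDs can be matched against the running-process list from DDS or OTL to see which programs had their sockets hooked, and a counter mismatch would mean the log was truncated or the format changed.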


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 17 May 2010 - 07:13 PM

Hi,

please provide a fresh log from OTL:
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32 /all
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened

And a new scan from gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#14 CarolynA

CarolynA
  • Topic Starter

  • Members
  • 39 posts
  • Local time:03:41 AM

Posted 17 May 2010 - 07:28 PM

Hi Myrti-
here's the OTL.txt file (just one file, right?). I'm going to run GMER - I'll post it in the next reply.

OTL logfile created on: 5/17/2010 8:17:53 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\8400\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 680.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.10 Gb Free Space | 91.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 8400DELL
Current User Name: 8400
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/17 20:16:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
PRC - [2009/01/27 18:11:47 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/17 20:16:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/05/11 17:31:48 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/22 11:58:14 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/29 19:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-220523388-343818398-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-343818398-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/05/11 11:36:14 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/05/12 20:18:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-343818398-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-343818398-682003330-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1273368429562 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1273368423343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\8400\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\8400\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/23 15:24:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk - C:\QUICKENW\BILLMIND.EXE - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE - (Intuit)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: HitmanPro35 - hkey= - key= - C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Microsoft Works Portfolio - hkey= - key= - C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: P17Helper - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: WorksFUD - hkey= - key= - C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/02/23 15:24:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/16 15:50:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/15 20:15:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/15 20:15:39 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/15 19:12:08 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
[2010/05/14 09:42:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\8400\Recent
[2010/05/13 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Desktop\Carolyn
[2010/05/12 20:09:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/12 20:06:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/12 20:06:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/12 20:06:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/12 20:06:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/12 20:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/12 20:01:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/12 18:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/12 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/12 18:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/12 18:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/12 18:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/12 18:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/11 17:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/10 07:27:17 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/05/10 07:27:16 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/05/08 23:58:37 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/05/08 23:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/08 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/08 21:27:34 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/05/06 22:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Application Data\Malwarebytes
[2010/05/06 22:24:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 22:24:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 22:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 22:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/06 21:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Local Settings\Application Data\Threat Expert
[2010/05/06 21:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/06 20:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/06 20:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/06 19:37:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/05/06 19:37:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/05/06 19:37:08 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/05/06 19:37:04 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/05/06 19:37:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/05/06 19:34:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/05/06 19:34:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/05/06 19:34:17 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2010/05/06 13:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/06 09:02:17 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/19 07:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/04/19 07:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\8400\Local Settings\Application Data\NOS
[2010/04/19 07:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2007/02/23 16:50:53 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/08/25 11:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/17 20:16:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\8400\Desktop\OTL.exe
[2010/05/17 19:26:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/17 19:26:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/17 19:26:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 19:26:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/17 19:25:34 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\8400\ntuser.dat
[2010/05/17 19:25:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\8400\ntuser.ini
[2010/05/17 18:56:27 | 000,093,322 | ---- | M] () -- C:\Documents and Settings\8400\Desktop\kateskiller.zip
[2010/05/17 15:22:43 | 003,765,532 | -H-- | M] () -- C:\Documents and Settings\8400\Local Settings\Application Data\IconCache.db
[2010/05/17 08:24:21 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/17 07:30:28 | 000,000,931 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/05/15 20:18:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/15 19:41:56 | 003,689,423 | R--- | M] () -- C:\Documents and Settings\8400\Desktop\ComboFix.exe
[2010/05/13 19:19:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\8400\defogger_reenable
[2010/05/12 20:18:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/12 20:09:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/12 19:31:48 | 000,000,601 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/12 19:31:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/12 19:07:34 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/12 19:06:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/05/08 23:18:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\8400\Desktop\HijackThis.lnk
[2010/05/08 21:56:06 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/08 21:56:06 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/08 21:56:06 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/08 21:54:41 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/07 09:57:01 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/05/06 22:51:39 | 000,041,872 | ---- | M] () -- C:\Documents and Settings\8400\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/06 22:24:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:39:46 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/06 09:02:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/06 06:23:57 | 000,002,752 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203055.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031617.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031616.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031615.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031614.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031613.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-031611.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235241.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235240.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235239.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235238.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235236.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235234.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235229.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235037.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235036.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235035.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235034.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235033.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235032.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235031.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235030.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235029.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-235025.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220548.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220547.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220546.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220545.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220544.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220543.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-220542.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212336.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212335.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212334.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212333.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212332.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-212331.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210922.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210921.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210920.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210919.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210918.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210917.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210916.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210913.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203106.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203104.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203103.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203102.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203101.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203100.backup
[2010/05/06 06:23:57 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-203059.backup
[2010/05/02 20:31:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\8400\My Documents\~$Label3.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/17 18:56:27 | 000,093,322 | ---- | C] () -- C:\Documents and Settings\8400\Desktop\kateskiller.zip
[2010/05/13 19:19:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\8400\defogger_reenable
[2010/05/12 20:09:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/12 20:09:52 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/12 20:06:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/12 20:06:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/12 20:06:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/12 20:06:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/12 20:06:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/12 20:02:36 | 003,689,423 | R--- | C] () -- C:\Documents and Settings\8400\Desktop\ComboFix.exe
[2010/05/12 19:00:03 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/05/12 18:58:09 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/08 23:58:38 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/05/08 23:18:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\8400\Desktop\HijackThis.lnk
[2010/05/06 22:24:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 20:39:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/02 20:31:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\8400\My Documents\~$Label3.doc
[2010/03/11 00:03:33 | 000,001,287 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/03/01 16:43:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/27 13:55:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/02/27 13:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/02/27 13:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/02/27 11:54:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/02/27 11:54:31 | 000,000,931 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/23 22:43:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/23 22:43:00 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/02/23 18:19:00 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/23 17:04:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/23 16:51:43 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/02/23 16:50:54 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2007/02/23 16:50:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/02/23 16:50:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/02/23 16:50:51 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/02/23 16:50:18 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/02/23 16:40:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/04/04 20:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/10 20:59:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 16:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/02/23 10:16:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/23 10:16:14 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/23 10:16:14 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/12 19:07:34 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/06 09:02:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


#15 CarolynA

CarolynA
  • Topic Starter

  • Members
  • 39 posts

Posted 17 May 2010 - 08:20 PM

Here's the gmer.log...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-17 21:13:23
Windows 5.1.2600 Service Pack 3
Running: g84f1lb3.exe; Driver: C:\DOCUME~1\8400\LOCALS~1\Temp\pwtiqpog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----