TR/Hosts.AQ.1 Trojan / tr.dldr.fakeav.bj trojan / PE_Patch.UPX, Avira detected this


This topic is locked. 2 replies to this topic

#1 wanttohelp

Posted 13 September 2010 - 08:00 AM

Added in content from newer topic on same issue and adapted wording for flow. ~ OB

Redirect/kept trying to download something, and it was a virus scan: the file it wanted to download was "unpack" or something like that. It was trying to get me to allow a start item that was something "unpack", but I would not.
Avira completed a routine scan and found 3 TR/Hosts.AQ.1 Trojans. It quarantined those items.

I know you did not ask, but in case, here are the Avira results:



Avira AntiVir Personal
Report file date: Monday, September 13, 2010 12:00

Scanning for 2803359 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : TOSHIBA-USER

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 07:03:15
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 07:03:41
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 07:04:36
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 07:04:36
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 07:04:37
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 07:04:37
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 07:04:37
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 07:04:37
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 07:04:39
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 07:04:51
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 07:04:52
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 07:04:54
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 07:04:56
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 07:04:58
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 07:05:00
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 07:05:01
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 08:05:00
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 08:22:13
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 08:22:23
VBASE024.VDF : 7.10.11.11 144896 Bytes 8/25/2010 09:02:39
VBASE025.VDF : 7.10.11.33 135168 Bytes 8/27/2010 09:02:17
VBASE026.VDF : 7.10.11.52 148992 Bytes 8/31/2010 12:03:00
VBASE027.VDF : 7.10.11.75 124928 Bytes 9/3/2010 12:03:19
VBASE028.VDF : 7.10.11.92 137728 Bytes 9/6/2010 18:27:00
VBASE029.VDF : 7.10.11.107 166400 Bytes 9/8/2010 08:33:50
VBASE030.VDF : 7.10.11.127 136704 Bytes 9/10/2010 08:33:46
VBASE031.VDF : 7.10.11.129 25088 Bytes 9/12/2010 20:19:01
Engineversion : 8.2.4.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/16/2010 07:05:41
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 8/27/2010 09:02:37
AESCN.DLL : 8.1.6.1 127347 Bytes 8/16/2010 07:05:36
AESBX.DLL : 8.1.3.1 254324 Bytes 8/16/2010 07:05:42
AERDL.DLL : 8.1.8.2 614772 Bytes 8/16/2010 07:05:35
AEPACK.DLL : 8.2.3.5 471412 Bytes 8/16/2010 07:05:32
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/16/2010 07:05:29
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 9/3/2010 12:03:24
AEHELP.DLL : 8.1.13.3 242038 Bytes 8/27/2010 09:02:18
AEGEN.DLL : 8.1.3.20 397684 Bytes 8/27/2010 09:02:17
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/16/2010 07:05:10
AECORE.DLL : 8.1.16.2 192887 Bytes 8/16/2010 07:05:08
AEBB.DLL : 8.1.1.0 53618 Bytes 8/16/2010 07:05:07
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Monday, September 13, 2010 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'Crq.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'Ckuzya.exe' - '1' Module(s) have been scanned
Scan process 'gmer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'toscdspd.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ACU.exe' - '1' Module(s) have been scanned
Scan process 'ifrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'StartupMonitor.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'skeys.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'locator.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ekdiscovery.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1709' files ).


Starting the file scan:

Begin scan in 'C:\' <SQ004179P04>
C:\Documents and Settings\All Users\Application Data\4a833d8\MS4a83_302.exe
[DETECTION] Is the TR/Hosts.AQ.1 Trojan
C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP62\A0011617.exe
[DETECTION] Is the TR/Hosts.AQ.1 Trojan
C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP62\A0011618.exe
[DETECTION] Is the TR/Hosts.AQ.1 Trojan

Beginning disinfection:
C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP62\A0011618.exe
[DETECTION] Is the TR/Hosts.AQ.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '47bd11ab.qua'.
C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP62\A0011617.exe
[DETECTION] Is the TR/Hosts.AQ.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f2a3e0c.qua'.
C:\Documents and Settings\All Users\Application Data\4a833d8\MS4a83_302.exe
[DETECTION] Is the TR/Hosts.AQ.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0d0964b8.qua'.


End of the scan: Monday, September 13, 2010 19:34
Used time: 56:47 Minute(s)

The scan has been done completely.

7626 Scanned directories
422569 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
422566 Files not concerned
8869 Archives were scanned
0 Warnings
3 Notes

End of added content. ~ OB


Thanks.

The following is also attached; I see in other posts it's also copy-pasted, so I wasn't sure.


DDS (Ver_10-03-17.01) - NTFSx86
Run by lidsey at 2:13:32.78 on Mon 09/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.268 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\System32\snmp.exe
svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\lidsey\Desktop\gmer\gmer.exe
C:\Documents and Settings\lidsey\Desktop\dds_001.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,SKEYS /I
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\lidsey\application data\mozilla\firefox\profiles\wgaft38u.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Startup Manager Scanner] c:\program files\startup mechanic\StartupMonitor.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281983020734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.164.72,93.188.166.222
TCP: {69505889-C3C0-4DE5-B9CD-9FF74298740A} = 93.188.164.72,93.188.166.222
TCP: {B174CB9C-EF58-4A9A-88CA-777853951A4F} = 93.188.164.72,93.188.166.222
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lidsey\applic~1\mozilla\firefox\profiles\wgaft38u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\lidsey\application data\mozilla\firefox\profiles\wgaft38u.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\lidsey\application data\mozilla\firefox\profiles\wgaft38u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\lidsey\application data\mozilla\firefox\profiles\wgaft38u.default\extensions\{fff2461f-284c-443c-8e2c-281f546a3b26}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\lidsey\application data\mozilla\firefox\profiles\wgaft38u.default\extensions\{fff2461f-284c-443c-8e2c-281f546a3b26}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\lidsey\application data\mozilla\firefox\profiles\wgaft38u.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-16 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-16 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-16 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-16 60936]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
S3 cpuz132;cpuz132;\??\c:\docume~1\lidsey\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\lidsey\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2010-09-13 05:47:58 0 d-----w- c:\documents and settings\lidsey\log
2010-09-13 05:29:48 0 d-----w- c:\docume~1\alluse~1\applic~1\4a833d8
2010-09-13 05:26:14 228352 ----a-w- c:\windows\Ckuzya.exe
2010-09-13 04:07:00 0 d-----w- c:\docume~1\lidsey\applic~1\CoffeeCup Software
2010-09-13 04:06:22 233472 ----a-w- c:\windows\system32\Ilda32.dll
2010-09-13 04:06:22 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
2010-09-11 10:28:24 0 d-----w- c:\program files\CoffeeCup Software
2010-09-08 08:28:07 0 d-----w- C:\My Music
2010-09-08 07:52:23 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2010-09-08 07:51:59 0 d-----w- c:\program files\ScreenshotCaptor
2010-09-08 07:44:00 46 ----a-w- c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat
2010-09-08 07:44:00 0 d-----w- c:\docume~1\lidsey\applic~1\DonationCoder
2010-09-08 07:43:35 73 ----a-w- c:\windows\system32\-1
2010-09-08 07:43:19 0 d-----w- c:\program files\URLSnooper2
2010-09-06 18:33:23 0 d--h--w- c:\windows\PIF
2010-09-03 23:26:53 0 d-----w- c:\program files\FBP - Facebook Blaster Pro
2010-09-03 23:04:07 737280 ----a-w- c:\windows\iun6002.exe
2010-09-03 23:03:20 0 d-----w- c:\program files\WYSIWYG Web Builder 6
2010-08-29 11:59:06 0 d-----w- C:\IObit
2010-08-29 11:57:16 2 ----a-w- c:\windows\msoffice.ini
2010-08-21 00:54:52 0 d-----w- c:\docume~1\lidsey\applic~1\Artisteer
2010-08-18 22:56:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Eastman Kodak Company
2010-08-18 22:49:22 0 d-----w- c:\windows\system32\kodak
2010-08-18 22:41:23 0 d-----w- c:\program files\Kodak
2010-08-18 22:39:37 0 d-----w- c:\program files\Bonjour
2010-08-18 22:38:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-08-18 00:34:44 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-08-17 20:10:04 0 d-----w- c:\program files\Windows Media Connect 2
2010-08-17 20:01:02 0 d-----w- c:\program files\ATI
2010-08-17 19:59:58 0 d-----w- C:\ATI
2010-08-17 19:58:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-17 19:58:16 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-17 19:53:52 0 d-----w- c:\program files\FileHippo.com
2010-08-17 19:53:05 0 d-----w- c:\program files\Paint.NET
2010-08-17 19:52:47 0 d-----w- c:\program files\High Quality Photo Resizer
2010-08-17 19:52:37 0 d-----w- c:\program files\ImRe
2010-08-17 19:23:19 0 d-----w- c:\program files\UPHClean
2010-08-17 19:02:36 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-17 19:02:20 0 d-----w- c:\docume~1\lidsey\applic~1\Malwarebytes
2010-08-17 19:02:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:02:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-17 19:02:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 19:02:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 18:59:40 0 d-----w- c:\docume~1\lidsey\applic~1\BeautyGuide
2010-08-17 18:59:26 0 d-----w- c:\program files\Two Pilots
2010-08-17 18:59:24 0 d-----w- c:\program files\Beauty Guide
2010-08-17 18:58:17 21141 ----a-w- c:\windows\is-0322N.msg
2010-08-17 18:58:17 1314816 ----a-w- c:\windows\is-0322N.exe
2010-08-17 18:58:17 1070 ----a-w- c:\windows\is-0322N.lst
2010-08-17 18:52:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-17 18:52:20 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-17 18:52:05 0 d-----w- c:\program files\K-Lite Codec Pack
2010-08-17 18:48:18 0 d-----w- c:\program files\CCleaner
2010-08-17 18:42:48 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-08-17 18:41:50 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-17 18:41:50 0 d-----w- c:\documents and settings\all users\Microsoft
2010-08-17 18:40:10 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-17 18:39:22 0 d-----w- c:\program files\Microsoft Analysis Services
2010-08-17 17:23:01 0 ----a-w- c:\docume~1\lidsey\applic~1\wklnhst.dat
2010-08-17 14:09:58 0 d-----w- c:\docume~1\lidsey\applic~1\Temp
2010-08-17 14:08:41 0 d-----w- c:\program files\Tracker Software
2010-08-17 14:07:08 0 d-----w- c:\docume~1\lidsey\applic~1\TP
2010-08-17 14:00:40 0 d-----w- c:\program files\RandyRants.com
2010-08-17 06:00:43 0 d-----w- c:\docume~1\lidsey\applic~1\PhotoScape
2010-08-17 05:59:51 0 d-----w- c:\program files\PhotoScape
2010-08-17 05:37:29 0 d-----w- C:\3422480db27b5dcd81c0d71c35
2010-08-17 05:02:30 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-17 05:02:30 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-08-17 05:00:40 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-08-17 04:53:39 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-08-17 04:01:37 0 d-----w- c:\windows\system32\scripting
2010-08-17 04:01:34 0 d-----w- c:\windows\l2schemas
2010-08-17 04:01:33 0 d-----w- c:\windows\system32\en
2010-08-17 04:01:33 0 d-----w- c:\windows\system32\bits
2010-08-17 03:53:34 0 d-----w- c:\windows\network diagnostic
2010-08-17 03:37:38 0 d-----w- c:\docume~1\lidsey\applic~1\Avira
2010-08-16 18:24:10 0 d-----w- c:\windows\system32\XPSViewer
2010-08-16 18:23:08 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-16 18:23:08 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-16 18:23:08 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-16 18:23:08 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-16 18:23:08 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-16 18:23:07 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-16 18:23:07 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-16 18:23:07 0 d-----w- C:\0ebda5d4ae2ce975ad583065139751
2010-08-16 18:18:09 0 d-----w- c:\program files\MSXML 6.0
2010-08-16 10:53:59 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2010-08-16 10:33:46 766 ----a-w- c:\windows\system32\AddRemove.ico
2010-08-16 10:33:46 471264 ----a-w- c:\windows\system32\drivers\ar5211.sys
2010-08-16 10:33:46 32768 ----a-w- c:\windows\system32\RmWLAN.exe
2010-08-16 10:33:46 32768 ----a-w- c:\windows\system32\CloseACU.exe
2010-08-16 10:33:46 28672 ----a-w- c:\windows\system32\InstallInf.exe
2010-08-16 10:33:46 270336 ----a-w- c:\windows\system32\PlugPlayPCIDevice.exe
2010-08-16 10:29:19 4710 ----a-w- c:\windows\system32\MAINICON.ico
2010-08-16 10:25:39 0 d-----w- c:\docume~1\lidsey\applic~1\Intel
2010-08-16 10:15:54 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-16 10:10:35 49225 ----a-w- c:\windows\system32\athgina.dll
2010-08-16 10:07:54 0 d-sh--w- c:\documents and settings\lidsey\IECompatCache
2010-08-16 10:07:14 0 d-sh--w- c:\documents and settings\lidsey\PrivacIE
2010-08-16 09:45:43 0 d-----w- C:\Hotkey.temp
2010-08-16 09:36:33 0 d-sh--w- c:\documents and settings\lidsey\IETldCache
2010-08-16 09:33:33 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-08-16 09:33:16 697720 ----a-w- C:\WindowsXP-KB975713-x86-ENU.exe
2010-08-16 09:19:15 0 d-----w- c:\docume~1\lidsey\applic~1\You've Got Pictures Screensaver
2010-08-16 09:19:15 0 d-----w- c:\docume~1\lidsey\applic~1\AOL
2010-08-16 09:17:47 0 d-----w- c:\program files\Atheros
2010-08-16 09:13:14 0 d-----w- c:\program files\MSXML 4.0
2010-08-16 09:10:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-16 09:10:49 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-16 09:10:49 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-16 09:10:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-16 09:10:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-16 09:10:48 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-16 09:10:48 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-08-16 09:10:39 0 d-----w- c:\windows\ie8updates
2010-08-16 09:10:34 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-16 09:09:02 0 dc-h--w- c:\windows\ie8
2010-08-16 08:58:11 0 d-----w- c:\windows\ServicePackFiles
2010-08-16 08:50:28 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-16 08:45:51 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-16 08:45:43 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-08-16 08:45:21 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-08-16 08:43:52 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-08-16 08:43:51 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-08-16 08:38:41 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-08-16 08:36:12 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-08-16 08:36:01 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-08-16 08:34:45 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2010-08-16 08:33:27 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-08-16 08:33:27 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-08-16 08:33:26 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-08-16 08:33:26 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-08-16 08:33:26 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-08-16 08:33:26 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-08-16 08:33:25 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-08-16 08:33:25 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-08-16 08:33:24 2146304 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-16 08:33:22 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-16 08:32:56 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-08-16 08:32:55 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-08-16 08:31:56 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-08-16 08:30:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-16 08:30:34 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-16 08:30:26 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-08-16 08:29:19 23040 ------w- c:\windows\kb913800.exe
2010-08-16 08:26:02 0 d-----w- c:\windows\system32\PreInstall
2010-08-16 08:22:41 0 d-sh--w- c:\documents and settings\lidsey\UserData
2010-08-16 08:08:04 0 d-----w- c:\program files\Microsoft
2010-08-16 08:08:02 0 d-----w- c:\program files\MSN Toolbar
2010-08-16 08:06:09 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-08-16 08:06:07 0 d-----w- c:\program files\MSN Toolbar Installer
2010-08-16 07:32:54 0 d-----w- c:\program files\Startup Mechanic
2010-08-16 06:59:54 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-16 06:59:53 0 d-----w- c:\program files\Avira
2010-08-16 06:59:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-08-16 06:56:51 0 d-----w- c:\docume~1\lidsey\applic~1\IObit
2010-08-16 06:56:50 0 d-----w- c:\program files\IObit
2010-08-16 06:38:02 0 d-----w- c:\windows\IIS Temporary Compressed Files
2010-08-16 06:34:46 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-08-16 06:33:28 0 d-----w- c:\windows\system32\msmq
2010-08-16 06:33:27 0 d-----w- c:\windows\system32\Logfiles
2010-08-16 06:33:27 0 d-----w- C:\Inetpub
2010-08-16 06:32:03 0 d-----w- c:\windows\system32\appmgmt
2010-08-16 06:22:17 0 d-----w- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2010-09-08 08:41:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-08 08:41:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-16 10:29:13 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 2:16:18.67 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/16/2010 5:18:13 AM
System Uptime: 9/13/2010 1:35:07 AM (1 hours ago)

Motherboard: TOSHIBA | | Satellite L35
Processor: Intel® Celeron® M CPU 410 @ 1.46GHz | U23 | 1466/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 128.042 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8/16/2010 5:18:17 AM - System Checkpoint
RP2: 8/16/2010 2:43:44 AM - Removed Toshiba Media Center Game Console
RP3: 8/16/2010 2:58:27 AM - Advanced SystemCare RestorePoint
RP4: 8/16/2010 3:01:44 AM - Installed QuickTime
RP5: 8/16/2010 4:05:00 AM - Installed Driver Detective.
RP6: 8/16/2010 4:25:32 AM - Software Distribution Service 3.0
RP7: 8/16/2010 4:52:54 AM - Software Distribution Service 3.0
RP8: 8/16/2010 5:33:57 AM - Installed Windows XP KB975713.
RP9: 8/16/2010 5:43:09 AM - Removed TOSHIBA Assist
RP10: 8/16/2010 5:44:45 AM - Removed Atheros Wireless LAN MiniPCI/PCIe card Driver
RP11: 8/16/2010 5:46:26 AM - Configured Toshiba Utility
RP12: 8/16/2010 6:08:57 AM - Installed REALTEK GbE & FE Ethernet PCI NIC Driver
RP13: 8/16/2010 6:10:39 AM - Configured Atheros Client Utility
RP14: 8/16/2010 6:15:11 AM - Restore Operation
RP15: 8/16/2010 6:27:44 AM - Configured Atheros Client Utility
RP16: 8/16/2010 6:28:42 AM - Installed Atheros Client Utility
RP17: 8/16/2010 6:33:45 AM - Installed Atheros Wireless LAN MiniPCI/PCIe card Driver
RP18: 8/16/2010 6:58:48 AM - Software Distribution Service 3.0
RP19: 8/16/2010 2:16:17 PM - Software Distribution Service 3.0
RP20: 8/16/2010 11:33:59 PM - Software Distribution Service 3.0
RP21: 8/17/2010 1:04:36 AM - Software Distribution Service 3.0
RP22: 8/17/2010 1:36:53 AM - Software Distribution Service 3.0
RP23: 8/17/2010 1:53:07 AM - Software Distribution Service 3.0
RP24: 8/17/2010 9:53:28 AM - Installed WinZip 14.5
RP25: 8/17/2010 10:09:04 AM - Software Distribution Service 3.0
RP26: 8/17/2010 2:37:41 PM - Installed Microsoft Office Professional Plus 2010 Trial
RP27: 8/17/2010 2:46:16 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP28: 8/17/2010 3:23:18 PM - Installed User Profile Hive Cleanup Service
RP29: 8/17/2010 3:53:04 PM - Paint.NET v3.5.5
RP30: 8/17/2010 3:57:46 PM - Installed Java™ 6 Update 21
RP31: 8/17/2010 4:02:57 PM - Installed Windows XP -- Software Updates KB952011.
RP32: 8/17/2010 4:06:13 PM - Installed Windows Media Player 11
RP33: 8/17/2010 4:07:20 PM - Installed Windows XP Media Center Edition 2005 KB925766.
RP34: 8/17/2010 4:08:07 PM - Installed Windows XP Wudf01000.
RP35: 8/17/2010 4:11:03 PM - Installed Windows XP MSCompPackV1.
RP36: 8/18/2010 12:38:14 AM - Software Distribution Service 3.0
RP37: 8/19/2010 5:34:10 AM - System Checkpoint
RP38: 8/20/2010 5:35:51 AM - System Checkpoint
RP39: 8/21/2010 8:42:52 AM - System Checkpoint
RP40: 8/22/2010 9:05:56 AM - System Checkpoint
RP41: 8/23/2010 9:10:39 AM - System Checkpoint
RP42: 8/24/2010 3:36:45 PM - System Checkpoint
RP43: 8/25/2010 5:04:07 PM - System Checkpoint
RP44: 8/27/2010 12:38:21 AM - System Checkpoint
RP45: 8/28/2010 5:43:09 AM - System Checkpoint
RP46: 8/29/2010 7:22:33 AM - Removed Driver Detective.
RP47: 8/29/2010 7:56:19 AM - IObit Uninstaller RestorePoint
RP48: 8/30/2010 9:58:50 AM - System Checkpoint
RP49: 8/31/2010 4:52:03 PM - System Checkpoint
RP50: 9/1/2010 5:58:57 PM - System Checkpoint
RP51: 9/2/2010 11:10:27 PM - System Checkpoint
RP52: 9/3/2010 7:26:50 PM - Installed FBP - Facebook Blaster Pro
RP53: 9/3/2010 8:32:03 PM - Removed WinZip 14.5
RP54: 9/3/2010 8:33:26 PM - Removed Windows Live ID Sign-in Assistant
RP55: 9/5/2010 3:13:32 AM - System Checkpoint
RP56: 9/6/2010 4:09:58 AM - System Checkpoint
RP57: 9/7/2010 6:17:07 AM - System Checkpoint
RP58: 9/8/2010 8:35:27 AM - System Checkpoint
RP59: 9/8/2010 7:43:28 PM - IObit Uninstaller RestorePoint
RP60: 9/10/2010 3:16:41 AM - System Checkpoint
RP61: 9/11/2010 11:11:48 AM - System Checkpoint
RP62: 9/12/2010 6:33:16 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 9.16 beta
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Advanced SystemCare 3
aiofw
aioprnt
aioscnnr
AOL Coach Version 2.0(Build:20041026.5 en)
Apple Application Support
Apple Software Update
Atheros Client Utility
Atheros Wireless LAN MiniPCI/PCIe card Driver
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Control Panel
ATI Display Driver
ATI Parental Control & Encoder
Avira AntiVir Personal - Free Antivirus
Beauty Guide Lite 1.2.2
Bonjour
C4USelfUpdater
CCleaner
CD/DVD Drive Acoustic Silencer
center
CoffeeCup Free HTML Editor
Definition update for Microsoft Office 2010 (KB982726)
DVD-RAM Driver
ESPNMotion
FBP - Facebook Blaster Pro
FileHippo.com Update Checker
FileZilla Client 3.3.4.1
GemMaster Mystic
High Definition Audio Driver Package - KB888111
High Quality Photo Resizer 5.02
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ImRe 2.1
Intel® PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java™ 6 Update 21
K-Lite Codec Pack 6.3.0 (Basic)
KODAK AiO Home Center
ksDIP
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote 2003
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox (3.6.8)
mPfMgr
mPfWiz
mProSafe
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
Otto
Paint.NET v3.5.5
PDF-Viewer
PhotoScape
Picasa 3
PreReq
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SharpKeys
Sonic Encoders
Startup Mechanic 2.7
Synaptics Pointing Device Driver
The Lord of the Rings FREE Trial
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Game Console
Toshiba Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Touch and Launch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Outlook Social Connector (KB983403)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
User Profile Hive Cleanup Service
WebFldrs XP
WildTangent Web Driver
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WYSIWYG Web Builder 6

==== Event Viewer Messages From Past Week ========

9/9/2010 12:02:51 PM, error: VolSnap [20] - The shadow copy of volume C: was aborted because of a failed free space computation.
9/8/2010 4:32:33 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 0016E370E2F8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
9/8/2010 4:32:02 AM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
9/8/2010 4:32:02 AM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
9/8/2010 4:32:02 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the NT LM Security Support Provider service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/7/2010 12:50:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
9/6/2010 12:24:48 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.101 with the system having network hardware address 90:4C:E5:A5:76:09. Network operations on this system may be disrupted as a result.
9/13/2010 1:37:02 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
9/12/2010 4:17:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/12/2010 4:16:16 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ACS service.
9/10/2010 6:10:54 PM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 0016E370E2F8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-13 09:06:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\lidsey\LOCALS~1\Temp\pwliyfob.sys


---- System - GMER 1.0.15 ----

SSDT F7DCA156 ZwCreateKey
SSDT F7DCA14C ZwCreateThread
SSDT F7DCA15B ZwDeleteKey
SSDT F7DCA165 ZwDeleteValueKey
SSDT F7DCA16A ZwLoadKey
SSDT F7DCA138 ZwOpenProcess
SSDT F7DCA13D ZwOpenThread
SSDT F7DCA174 ZwReplaceKey
SSDT F7DCA16F ZwRestoreKey
SSDT F7DCA160 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA7CC06D0]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\dmio.sys entry point in ".rsrc" section [0xF7703B14]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 856B3EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\dmio.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by elise025, 14 September 2010 - 02:16 PM.

#2 wanttohelp

  • Topic Starter
  • Members
  • 7 posts

Posted 15 September 2010 - 12:40 AM

I did a reinstall.

#3 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 15 September 2010 - 01:51 AM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
