Possible Google Re-direct Virus Help!


  • This topic is locked
18 replies to this topic

#1 ChristieF1111

ChristieF1111

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 08 October 2010 - 09:41 AM

Hello,

I am at my wit's end trying to figure this out and am hoping someone here can give me some advice.

I noticed yesterday when trying to google a page, it would re-direct me to a completely different page. I ran Symantec Antivirus and it supposedly quarantined a few items, but some were left alone. I hoped this fixed the prob. but it did not. Long story short, I ran Malwarebytes (after trying for hours to access the site since the virus kept re-directing me and once I was there, the virus had manipulated something on my computer so it would not download). I checked my firewall settings and they were grayed out and set to Off. There was a message indicating it was because of Group Policy settings, which is not at all set up through this computer. Downloaded Malwarebytes onto a flash drive on another computer, installed it on mine in safe mode and ran the scan. It found nothing. I downloaded HijackThis and have a log, but when I tried to post the log in this forum earlier, it indicated I had an older version of HijackThis, so it was never posted. I cannot download the newer version for some reason, I'm assuming because of the virus. I also have a log that I have no idea where it could have come from that I will paste to this post.

If someone could PLEASE help me out, I would really appreciate it!

#
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x1a3098dc, pid=3412, tid=348
#
# Java VM: Java HotSpot(TM) Client VM (10.0-b23 mixed mode windows-x86)
# Problematic frame:
# C 0x1a3098dc
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x1ab20800): JavaThread "thread applet-JavaUpdateManager" [_thread_in_native, id=348, stack(0x1b770000,0x1b870000)]

siginfo: ExceptionCode=0xc0000005, ExceptionInformation=0x00000008 0x1a3098dc

Registers:
EAX=0x00000000, EBX=0x28e30cb8, ECX=0x1a308300, EDX=0x00000000
ESP=0x1b86fa40, EBP=0x255a255a, ESI=0x28e30cb8, EDI=0x1ab20800
EIP=0x1a3098dc, EFLAGS=0x00010246

Top of Stack: (sp=0x1b86fa40)
0x1b86fa40: 1b86fa40 28e30cb8 1b86fa74 28e31380
0x1b86fa50: 00000000 28e30cb8 00000000 1b86fa70
0x1b86fa60: 1b86fa9c 18112d93 00000000 18118099
0x1b86fa70: 226b0890 226bcf88 226bcf88 1b86fa7c
0x1b86fa80: 28e30c17 1b86faac 28e31380 00000000
0x1b86fa90: 28e30c38 1b86fa70 1b86faa8 1b86fad0
0x1b86faa0: 18112cb1 226be620 226b0890 226bcf88
0x1b86fab0: 1b86fab0 28e301c1 1b86fae8 28e31380

Instructions: (pc=0x1a3098dc)
0x1a3098cc: 40 04 5b 28 f0 d3 5c 28 e0 da 5c 28 68 98 5c 28
0x1a3098dc: b8 0c e3 28 50 11 e3 28 68 98 5c 28 c0 1d e3 28


Stack: [0x1b770000,0x1b870000], sp=0x1b86fa40, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x1a3098dc

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::Interpreter
v ~BufferBlob::StubRoutines (1)

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x1a305400 JavaThread "Thread-12" [_thread_blocked, id=3900, stack(0x1b470000,0x1b570000)]
0x1aba1800 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3492, stack(0x1b570000,0x1b670000)]
0x1ab43c00 JavaThread "Image Fetcher 3" daemon [_thread_blocked, id=1700, stack(0x1b870000,0x1b970000)]
0x1ab3f800 JavaThread "Image Fetcher 2" daemon [_thread_blocked, id=3156, stack(0x1b670000,0x1b770000)]
0x1ab3f400 JavaThread "Image Fetcher 1" daemon [_thread_blocked, id=3552, stack(0x1b270000,0x1b370000)]
0x1a30a000 JavaThread "Image Fetcher 0" daemon [_thread_blocked, id=3104, stack(0x1b070000,0x1b170000)]
0x1ab2b400 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3608, stack(0x08fa0000,0x090a0000)]
=>0x1ab20800 JavaThread "thread applet-JavaUpdateManager" [_thread_in_native, id=348, stack(0x1b770000,0x1b870000)]
0x1a304000 JavaThread "AWT-EventQueue-4" [_thread_blocked, id=2248, stack(0x1b370000,0x1b470000)]
0x1a236800 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=3276, stack(0x1aa10000,0x1ab10000)]
0x1a15f000 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=3684, stack(0x1a810000,0x1a910000)]
0x1a15ac00 JavaThread "CacheMemoryCleanUpThread" [_thread_blocked, id=3720, stack(0x1a710000,0x1a810000)]
0x1a151000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=3628, stack(0x1a610000,0x1a710000)]
0x1a140800 JavaThread "AWT-Windows" daemon [_thread_in_native, id=1920, stack(0x1a510000,0x1a610000)]
0x1a13fc00 JavaThread "AWT-Shutdown" [_thread_in_native, id=3280, stack(0x1a410000,0x1a510000)]
0x1a13d400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=4016, stack(0x1a310000,0x1a410000)]
0x0f742400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=460, stack(0x0fdb0000,0x0feb0000)]
0x0f73c800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=3092, stack(0x0fcb0000,0x0fdb0000)]
0x0f73b400 JavaThread "Attach Listener" daemon [_thread_blocked, id=3596, stack(0x0fbb0000,0x0fcb0000)]
0x0f73a800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2460, stack(0x0fab0000,0x0fbb0000)]
0x0f729400 JavaThread "Finalizer" daemon [_thread_blocked, id=1496, stack(0x0f9b0000,0x0fab0000)]
0x0f728400 JavaThread "Reference Handler" daemon [_thread_blocked, id=1004, stack(0x0f8b0000,0x0f9b0000)]

Other Threads:
0x0f723c00 VMThread [stack: 0x0f7b0000,0x0f8b0000] [id=2152]
0x0f74c000 WatcherThread [stack: 0x0feb0000,0x0ffb0000] [id=3312]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 5504K, used 1333K [0x225b0000, 0x22ba0000, 0x22d10000)
eden space 4928K, 27% used [0x225b0000, 0x226fd3c8, 0x22a80000)
from space 576K, 0% used [0x22a80000, 0x22a80180, 0x22b10000)
to space 576K, 0% used [0x22b10000, 0x22b10000, 0x22ba0000)
tenured generation total 71760K, used 51247K [0x22d10000, 0x27324000, 0x285b0000)
the space 71760K, 71% used [0x22d10000, 0x25f1bcf0, 0x25f1be00, 0x27324000)
compacting perm gen total 12288K, used 8838K [0x285b0000, 0x291b0000, 0x2c5b0000)
the space 12288K, 71% used [0x285b0000, 0x28e518c8, 0x28e51a00, 0x291b0000)
No shared spaces configured.

Dynamic libraries:
0x00400000 - 0x0049c000 C:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 - 0x7c9b2000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f6000 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f03000 C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x7e410000 - 0x7e4a1000 C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f59000 C:\WINDOWS\system32\GDI32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x7c9c0000 - 0x7d1d7000 C:\WINDOWS\system32\SHELL32.dll
0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll
0x3dfd0000 - 0x3e1b8000 C:\WINDOWS\system32\iertutil.dll
0x78130000 - 0x78263000 C:\WINDOWS\system32\urlmon.dll
0x77120000 - 0x771ab000 C:\WINDOWS\system32\OLEAUT32.dll
0x5cb70000 - 0x5cb96000 C:\WINDOWS\system32\ShimEng.dll
0x71590000 - 0x71609000 C:\WINDOWS\AppPatch\AcLayers.DLL
0x769c0000 - 0x76a74000 C:\WINDOWS\system32\USERENV.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL
0x629c0000 - 0x629c9000 C:\WINDOWS\system32\LPK.DLL
0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll
0x773d0000 - 0x774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d090000 - 0x5d12a000 C:\WINDOWS\system32\comctl32.dll
0x3e1c0000 - 0x3ec54000 C:\WINDOWS\system32\IEFRAME.dll
0x763b0000 - 0x763f9000 C:\WINDOWS\system32\comdlg32.dll
0x451f0000 - 0x451f6000 C:\Program Files\Internet Explorer\xpshims.dll
0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\uxtheme.dll
0x74720000 - 0x7476c000 C:\WINDOWS\system32\MSCTF.dll
0x10100000 - 0x1010e000 C:\Program Files\Logitech\SetPoint\lgscroll.dll
0x00dd0000 - 0x00e6b000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
0x77690000 - 0x776b1000 C:\WINDOWS\system32\NTMARTA.DLL
0x71bf0000 - 0x71c03000 C:\WINDOWS\system32\SAMLIB.dll
0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
0x01720000 - 0x019e5000 C:\WINDOWS\system32\xpsp2res.dll
0x77920000 - 0x77a13000 C:\WINDOWS\system32\SETUPAPI.dll
0x3d930000 - 0x3da16000 C:\WINDOWS\system32\WININET.dll
0x01a00000 - 0x01a09000 C:\WINDOWS\system32\Normaliz.dll
0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x439b0000 - 0x439f0000 C:\Program Files\Internet Explorer\ieproxy.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\ws2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x77b40000 - 0x77b62000 C:\WINDOWS\system32\appHelp.dll
0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.dll
0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll
0x5b860000 - 0x5b8b5000 C:\WINDOWS\system32\NETAPI32.dll
0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x77c70000 - 0x77c95000 C:\WINDOWS\system32\msv1_0.dll
0x76790000 - 0x7679c000 C:\WINDOWS\system32\cryptdll.dll
0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll
0x722b0000 - 0x722b5000 C:\WINDOWS\system32\sensapi.dll
0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
0x75cf0000 - 0x75d81000 C:\WINDOWS\system32\MLANG.dll
0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime
0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
0x10000000 - 0x10011000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
0x7c420000 - 0x7c4a7000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCP80.dll
0x02df0000 - 0x02e00000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x02ff0000 - 0x0307f000 C:\Program Files\Yahoo!\Search Protection\ysp.dll
0x4d4f0000 - 0x4d549000 C:\WINDOWS\system32\WINHTTP.dll
0x76380000 - 0x76385000 C:\WINDOWS\system32\MSIMG32.dll
0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\imagehlp.dll
0x7e720000 - 0x7e7d0000 C:\WINDOWS\system32\SXS.DLL
0x03430000 - 0x03606000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\wsock32.dll
0x69450000 - 0x69466000 C:\WINDOWS\system32\faultrep.dll
0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll
0x76f50000 - 0x76f58000 C:\WINDOWS\system32\WTSAPI32.dll
0x5edd0000 - 0x5ede7000 C:\WINDOWS\system32\olepro32.dll
0x42b80000 - 0x42b89000 C:\WINDOWS\system32\jsproxy.dll
0x6d7c0000 - 0x6d83b000 C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
0x7c340000 - 0x7c396000 C:\Program Files\Java\jre1.6.0_07\bin\MSVCR71.dll
0x03a10000 - 0x03a60000 C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
0x77a80000 - 0x77b15000 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll
0x03b70000 - 0x03f69000 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_65EB47E0814C2821.dll
0x74c80000 - 0x74cac000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 - 0x760e5000 C:\WINDOWS\system32\MSVCP60.dll
0x7d1e0000 - 0x7d49c000 C:\WINDOWS\system32\msi.dll
0x4ec50000 - 0x4edfb000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\PSAPI.DLL
0x7d9a0000 - 0x7db05000 C:\WINDOWS\system32\query.dll
0x040f0000 - 0x04290000 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll
0x044a0000 - 0x04572000 C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
0x04590000 - 0x045a9000 C:\Program Files\Dell\BAE\BAE.dll
0x71d40000 - 0x71d5b000 C:\WINDOWS\system32\actxprxy.dll
0x3cea0000 - 0x3d450000 C:\WINDOWS\system32\mshtml.dll
0x04940000 - 0x04969000 C:\WINDOWS\system32\msls31.dll
0x42070000 - 0x4209f000 C:\WINDOWS\system32\iepeers.dll
0x746f0000 - 0x7471a000 C:\WINDOWS\system32\msimtf.dll
0x3d7a0000 - 0x3d854000 C:\WINDOWS\system32\jscript.dll
0x7b860000 - 0x7b95d000 c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
0x7b970000 - 0x7bf2e000 c:\Program Files\Microsoft Silverlight\4.0.50917.0\agcore.dll
0x1b000000 - 0x1b00c000 C:\WINDOWS\system32\ImgUtil.dll
0x1b060000 - 0x1b06e000 C:\WINDOWS\system32\pngfilt.dll
0x072e0000 - 0x078c3000 C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx
0x73f10000 - 0x73f6c000 C:\WINDOWS\system32\DSOUND.dll
0x73b30000 - 0x73b45000 C:\WINDOWS\system32\mscms.dll
0x767f0000 - 0x76818000 C:\WINDOWS\system32\schannel.dll
0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv
0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv
0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll
0x6d430000 - 0x6d43a000 C:\WINDOWS\system32\ddrawex.dll
0x73760000 - 0x737ab000 C:\WINDOWS\system32\DDRAW.dll
0x73bc0000 - 0x73bc6000 C:\WINDOWS\system32\DCIMAN32.dll
0x73940000 - 0x73a10000 C:\WINDOWS\system32\D3DIM700.DLL
0x47060000 - 0x47081000 C:\WINDOWS\system32\XmlLite.dll
0x35c50000 - 0x35c89000 C:\WINDOWS\system32\Dxtrans.dll
0x76b20000 - 0x76b31000 C:\WINDOWS\system32\ATL.DLL
0x35cb0000 - 0x35d07000 C:\WINDOWS\system32\Dxtmsft.dll
0x68100000 - 0x68126000 C:\WINDOWS\system32\dssenh.dll
0x07e00000 - 0x07e0d000 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
0x0b990000 - 0x0ba31000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll
0x01b50000 - 0x01b6c000 C:\Program Files\Adobe\Reader 9.0\Reader\bib.dll
0x0d3d0000 - 0x0e752000 C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll
0x0e760000 - 0x0ed00000 C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll
0x0ed00000 - 0x0ef5f000 C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll
0x0be30000 - 0x0bef4000 C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE16~2.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE16~2.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.6.0_07 -Djavaplugin.nodotversion=160_07 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE16~2.0_0 -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE16~2.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE16~2.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE16~2.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.6.0_07 -Djavaplugin.nodotversion=160_07 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE16~2.0_0
java_command: <unknown>
Launcher Type: generic

Environment Variables:
PATH=C:\PROGRA~1\Java\JRE16~2.0_0\bin;C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins;C:\Program Files\Adobe\Reader 9.0\Reader\;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;.
USERNAME=Christie
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 7 stepping 6, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 2052644k(1106608k free), swap 3990596k(3192220k free)

vm_info: Java HotSpot(TM) Client VM (10.0-b23) for windows-x86 JRE (1.6.0_07-b06), built on Jun 10 2008 01:14:11 by "java_re" with MS VC++ 7.1

time: Thu Oct 07 10:15:37 2010
elapsed time: 6 seconds

And my Hijack This Log file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:30 AM, on 10/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\christie\LOCALS~1\Temp\Temporary Directory 1 for RootkitBuster_2.80.1077[1].zip\RootkitBuster.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080819
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219421388208
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/chuzzle/popcaploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hooverstraining.webex.com/client/T2...ing/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Protiro.Local
O17 - HKLM\Software\..\Telephony: DomainName = Protiro.Local
O17 - HKLM\System\CCS\Services\Tcpip\..\{54503BA6-8EB2-4A75-9E5B-B85A794DBD7F}: NameServer = 10.1.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Protiro.Local
O17 - HKLM\System\CS1\Services\Tcpip\..\{54503BA6-8EB2-4A75-9E5B-B85A794DBD7F}: NameServer = 10.1.1.200
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Protiro.Local
O17 - HKLM\System\CS2\Services\Tcpip\..\{54503BA6-8EB2-4A75-9E5B-B85A794DBD7F}: NameServer = 10.1.1.200
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12375 bytes

EDIT: Posts merged ~BP

Edited by Budapest, 09 October 2010 - 04:34 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 15 October 2010 - 11:34 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Information and logs:
    In your next post I need the following:
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Let me know of any problems you may have had

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ChristieF1111 (Topic Starter, Members, 10 posts)

Posted 18 October 2010 - 09:48 AM

Hi Gringo,

Thank you SO much for helping me out with this!!!!!! Here are the logs you requested.


DDS (Ver_10-10-10.03) - NTFSx86
Run by Christie at 8:13:38.29 on Mon 10/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1281 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\christie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PMX Daemon] ICO.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219421388208
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/games/chuzzle/popcaploader.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hooverstraining.webex.com/client/T26L/training/ieatgpc.cab
TCP: {54503BA6-8EB2-4A75-9E5B-B85A794DBD7F} = 10.1.1.200
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-23 213768]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101015.007\naveng.sys [2010-10-15 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101015.007\navex15.sys [2010-10-15 1371184]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2008-12-23 79880]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2008-12-23 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-12-23 34216]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-8-21 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-8-21 14336]

=============== Created Last 30 ================

2010-10-14 14:09:27 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 14:09:27 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 14:09:27 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 14:09:20 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 15:06:13 388096 ----a-r- c:\docume~1\christie\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-08 14:31:26 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-07 22:33:01 -------- d-----w- c:\program files\Trend Micro
2010-10-07 22:11:16 -------- d-----w- c:\program files\CCleaner
2010-10-07 21:38:47 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-07 20:25:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-07 19:27:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 19:27:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 19:27:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-07 19:27:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-07 19:23:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-07 19:23:41 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-07 18:40:55 -------- d-----w- c:\docume~1\christie\applic~1\Malwarebytes
2010-10-07 18:38:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes(2)
2010-09-22 19:51:06 -------- d-sh--w- c:\documents and settings\christie\IECompatCache

==================== Find3M ====================

2010-10-15 15:30:44 507904 ------w- c:\windows\system32\winlogon.exe
2010-10-15 15:29:47 1033728 ------w- c:\windows\explorer.exe
2010-10-07 20:24:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 8:14:01.50 ===============





RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB5344000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0x9D4FE000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101015.007\navex15.sys 1368064 bytes (Symantec Corporation, AV Engine)
0x9DC01000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 819200 bytes
0xB9E43000 iaStor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D6D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9DFAB000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x9DD77000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9DE12000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
0x9E770000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0x9DCE6000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB51B6000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9DF1F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9E1BE000 C:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
0x9D8A4000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0x9E7F4000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xB52EF000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0x9CAB4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9DEE4000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver)
0x9DD44000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xB5214000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9DABC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D40000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9BDB8000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9DDE7000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB52A3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9DE96000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9DEBE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9E7D0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB52CB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB526C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9DE74000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9E19C000 C:\Program Files\Symantec\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E23000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9DCC9000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9D26000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9DFA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5255000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9D255000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x9D4EA000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101015.007\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xB528F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0x9E188000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xB5330000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9DF78000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9E11000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB5244000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA4368000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xA09C9000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA318000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0x9D362000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA09D9000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB5E74000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB5DF4000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA168000 C:\WINDOWS\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xB5E54000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2A8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB5E64000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB5E84000 C:\WINDOWS\system32\DRIVERS\dwvkbd.sys 40960 bytes (DameWare, DameWare Virtual Keyboard Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xA09E9000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0x9CA3C000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
0xB5E34000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB5E04000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB5E44000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9F4AE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9BF63000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9FECC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xBA368000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xA35A6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA12DE000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9FDF1000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3B0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA400000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA468000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9E85F000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB5D73000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB9CD5000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9CA5000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA598000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9E863000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA1371000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0x9E857000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA568000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA2D46000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5DC000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5C2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5F4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5FA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5EC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA616000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6B4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6B1000 C:\WINDOWS\system32\DRIVERS\DamewareMini.sys 4096 bytes (DameWare Development, Inc., DameWare Development Mirror Miniport Driver)
0xBA7B7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7CA000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

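The DDS output above is the kind of log a helper in this thread reads by hand: the Pseudo HJT Report lists browser helper objects, autoruns, trusted-zone entries, per-interface DNS servers and non-default Hosts lines, and Created Last 30 lists recent file-system writes. As an added example that is not part of the original post and not one of the tools used in the thread, here is a small Python triage script that pulls out the leads an analyst would look at first: BHO/toolbar entries registered with No File, Hosts lines that map a name other than localhost to an address, Run entries launched by a bare filename (which Windows resolves through the PATH at logon), Trusted Zone and DNS-server settings, and files created under sensitive directories within a couple of days of a chosen incident date. The section names, the sensitive-directory list and the two-day window are assumptions; the sample log is a constructed excerpt in the format of the log posted above. Hits are leads to review, not verdicts: in this thread the drivers created on 7 and 8 October belong to the cleanup tools the poster installed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed excerpt in the format of the DDS log posted above ("hxxp" is DDS's own defanging).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
mRun: [PMX Daemon] ICO.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
Trusted Zone: mcafee.com\*
TCP: {54503BA6-8EB2-4A75-9E5B-B85A794DBD7F} = 10.1.1.200
Hosts: 127.0.0.1 www.spywareinfo.com
=============== Created Last 30 ================
2010-10-08 14:31:26 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-07 21:38:47 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-07 19:27:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 19:51:06 -------- d-sh--w- c:\documents and settings\christie\IECompatCache
============= FINISH: 8:14:01.50 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<timestamp> <size-or-dashes> <attributes> <path>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.*)$")
# "[name] command ..."; captures the first token of the command, quoted or not
RUN_RE = re.compile(r'^\[[^\]]*\]\s*"?(?P<cmd>[^"\s]+)')
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Assumed list of locations where a fresh write near the incident deserves a look.
SENSITIVE_PREFIXES = (r"c:\windows\system32\grouppolicy", r"c:\windows\system32\drivers")

@dataclass(frozen=True)
class Finding:
    severity: str  # info | low | medium | high
    kind: str
    detail: str

def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def triage_hjt(lines):
    """Walk the 'Pseudo HJT Report' key: value lines and collect leads."""
    out = []
    for line in lines:
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep:
            continue
        if key in ("BHO", "TB", "uURLSearchHooks") and value.endswith("No File"):
            out.append(Finding("low", "orphaned-entry", line))  # CLSID registered, DLL gone
        elif key == "Hosts":  # DDS only lists non-default Hosts entries
            parts = value.split()
            if len(parts) >= 2 and parts[1].lower() not in LOCAL_NAMES:
                out.append(Finding("medium", "hosts-redirect", f"{parts[1]} -> {parts[0]}"))
        elif key in ("mRun", "uRun"):
            m = RUN_RE.match(value)
            if m and "\\" not in m.group("cmd"):  # bare filename: resolved via PATH at logon
                out.append(Finding("medium", "unqualified-autorun", line))
        elif key == "Trusted Zone":
            out.append(Finding("info", "trusted-zone", value))
        elif key == "TCP":  # per-interface DNS server; compare with what the network should use
            out.append(Finding("info", "dns-server", value.rpartition("=")[2].strip()))
    return out

def triage_created(lines, incident_date, window_days=2):
    """Flag 'Created Last 30' entries under SENSITIVE_PREFIXES within +/- window_days of incident_date."""
    incident = datetime.strptime(incident_date, "%Y-%m-%d")
    window = timedelta(days=window_days)
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        path = m.group(2).lower()
        if abs(created - incident) <= window and path.startswith(SENSITIVE_PREFIXES):
            out.append(Finding("medium", "recent-sensitive-write", f"{m.group(1)} {path}"))
    return out

def triage(text, incident_date, window_days=2):
    sections = split_sections(text)
    findings = triage_hjt(sections.get("Pseudo HJT Report", []))
    findings += triage_created(sections.get("Created Last 30", []), incident_date, window_days)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS, "2010-10-07"):
        print(f"[{f.severity:6}] {f.kind:23} {f.detail}")
```

Run it against a saved DDS.txt by reading the file into `triage()` with the date the symptoms began (here, the day the redirects and the greyed-out firewall were first noticed). The unqualified-autorun check is deliberately generic: a Run value with no path is not malicious in itself, but it is the shape of entry that a planted executable earlier in the PATH can hijack, so it is worth confirming where the binary actually lives.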

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Location: Puerto Rico)

Posted 18 October 2010 - 03:25 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links:
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

Information and logs:
  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 ChristieF1111 (Topic Starter, Members, 10 posts)

Posted 19 October 2010 - 01:37 PM

Hi Gringo,

Thank you again for your help with this :) The computer seems to be working ok. I am not being re-directed at all so far. It always happened when I tried to access the Malware Bytes website, and this time I was able to click on it and it took me directly to the page.

Here is the ComboFix log you requested:

ComboFix 10-10-18.06 - Christie 10/19/2010 12:24:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1309 [GMT -6:00]
Running from: c:\documents and settings\christie\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
.

2010-10-14 14:09 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 14:09 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 14:09 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 14:09 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 15:06 . 2010-10-08 15:06 388096 ----a-r- c:\documents and settings\christie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-08 14:31 . 2010-10-08 14:31 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-07 22:33 . 2010-10-07 22:33 -------- d-----w- c:\program files\Trend Micro
2010-10-07 22:11 . 2010-10-07 22:11 -------- d-----w- c:\program files\CCleaner
2010-10-07 21:38 . 2010-10-07 21:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-07 20:51 . 2010-10-07 20:57 -------- d-----w- c:\program files\Windows Live Safety Center
2010-10-07 20:25 . 2010-10-07 20:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-07 19:46 . 2010-10-07 19:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-07 19:27 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 19:27 . 2010-10-07 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-07 19:27 . 2010-10-07 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-07 19:27 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 19:23 . 2010-10-07 19:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-07 18:40 . 2010-10-07 18:40 -------- d-----w- c:\documents and settings\christie\Application Data\Malwarebytes
2010-09-29 23:01 . 2010-09-29 23:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-22 19:51 . 2010-09-22 19:51 -------- d-sh--w- c:\documents and settings\christie\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2010-10-15 . 3FC15946D03850C2BCE7FFBA7C86C2C6 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2010-10-15 . 7D89F00A1D91B7C15036ACEC977E32BD . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-02-05 78336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-11 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 4:00 AM 26624]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 2:58 AM 133968]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 4:00 AM 2944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:11 AM 102448]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [8/21/2008 2:57 PM 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [8/21/2008 2:57 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {54503BA6-8EB2-4A75-9E5B-B85A794DBD7F} = 10.1.1.200
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1196)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-10-19 12:27:20
ComboFix-quarantined-files.txt 2010-10-19 18:27

Pre-Run: 62,886,678,528 bytes free
Post-Run: 62,988,558,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5F03F82EB59E6A79B712EC8B09548D3A
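
The Sigcheck block in the ComboFix log above shows c:\windows\system32\winlogon.exe and c:\windows\explorer.exe carrying the same version string and byte size as the copies cached under ServicePackFiles\i386, but a different MD5 and a modification date of 2010-10-15. A binary whose version resource and size are unchanged while its bytes differ has been altered in place, which is exactly what a practitioner wants to pull out of a log like this. The Python script below is an added example written for this page; it is not part of the thread, of ComboFix, or of any tool named here. It parses that block (reproduced as constructed sample input), flags live files whose name, version and size match a ServicePackFiles reference but whose hash does not, and includes a file-hash check for confirming that a copy of the service-pack original really does match the reference MD5 recorded in the log. Treating ServicePackFiles\i386 as the reference directory and ignoring ComboFix's own `[7]`/`[-]` markers are assumptions of this example.

```python
"""Flag in-place patched system binaries from a ComboFix Sigcheck block.

Rule (an assumption of this example): a live file whose version string and
byte size equal the copy cached under ServicePackFiles\\i386, but whose MD5
differs, has had its contents changed without touching the version resource.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed sample input: the Sigcheck block copied from the ComboFix log above.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------

[-] 2010-10-15 . 3FC15946D03850C2BCE7FFBA7C86C2C6 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2010-10-15 . 7D89F00A1D91B7C15036ACEC977E32BD . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
"""

# One Sigcheck line: [flag] date . md5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]"
    r"\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Assumption: the service pack's cached originals are the trusted reference copies.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"


@dataclass(frozen=True)
class SigEntry:
    flag: str      # ComboFix's own marker ("7", "-"); deliberately not interpreted here
    date: str
    md5: str       # upper-case hex
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_reference(self) -> bool:
        return REFERENCE_DIR in self.path.lower()


def parse_sigcheck(text: str) -> list[SigEntry]:
    """Parse every Sigcheck data line; banners and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(SigEntry(m["flag"], m["date"], m["md5"].upper(),
                                int(m["size"]), m["version"], m["path"]))
    return entries


def find_patched(entries: list[SigEntry]) -> list[tuple[SigEntry, SigEntry]]:
    """Return (live, reference) pairs where name, version and size agree but MD5 differs."""
    refs = {(e.name, e.version): e for e in entries if e.is_reference}
    hits = []
    for e in entries:
        if e.is_reference:
            continue
        ref = refs.get((e.name, e.version))
        if ref is not None and e.size == ref.size and e.md5 != ref.md5:
            hits.append((e, ref))
    return hits


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def file_md5(path: str) -> str:
    """Stream a file through MD5 so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def matches_reference(path: str, ref: SigEntry) -> bool:
    """After copying a ServicePackFiles original over a patched file, confirm that the
    file on disk hashes to the reference MD5 recorded in the log."""
    return file_md5(path) == ref.md5


if __name__ == "__main__":
    for live, ref in find_patched(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"PATCHED {live.path}: {live.md5} (modified {live.date}) "
              f"!= {ref.md5} from {ref.path}")
```

Run against the sample, the script reports the two system32/windows copies and stays silent on the SP2-era explorer.exe backups, whose version string (6.00.2900.3156) differs and so are not comparable to the SP3 reference. MD5 is used only because it is what ComboFix records; for any new baseline of your own, hash with SHA-256.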

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Location: Puerto Rico)

Posted 19 October 2010 - 04:03 PM

Run Batch File

Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
rem Copy the service-pack originals of winlogon.exe and explorer.exe to the root of C:
copy /y c:\windows\ServicePackFiles\i386\winlogon.exe c:\
copy /y c:\windows\ServicePackFiles\i386\explorer.exe c:\
rem Remove this batch file once the copies are done
del %0
Save this as copy.bat (choose Save as type: All Files, and save it to the Desktop), then close the Notepad file.
Double-click on copy.bat to run it. This batch file will delete itself when complete.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
winlogon.exe
explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 ChristieF1111 (Topic Starter, Members, 10 posts)

Posted 20 October 2010 - 09:36 AM

Hi Gringo,

I was able to run the batch file on the first step you gave me, but now I'm stuck on downloading SystemLook from the links you provided. Each time I download the file, save it to my desktop and then double-click on the application to run it, I get this error:

"C:\Documents and Settings\christie\Desktop\SystemLook.exe

This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem"

I've tried doing this several times with both links you have provided and get the same result.

The computer does seem to be working much better though. I've had no redirects at all :)

Thanks in advance for your help!

~Christie

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Location: Puerto Rico)

Posted 20 October 2010 - 10:26 AM

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
    • /md5start
      explorer.exe
      userinit.exe
      wininit.exe
      winlogon.exe
      /md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,


#9 ChristieF1111 (Topic Starter, Members, 10 posts)

Posted 20 October 2010 - 10:50 AM

Hi Gringo,

Here is the OTL.Txt Log:

OTL logfile created on: 10/20/2010 9:42:30 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\christie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.41 Gb Total Space | 58.71 Gb Free Space | 78.90% Space Free | Partition Type: NTFS
Drive G: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive P: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive Q: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive R: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive S: | 113.94 Gb Total Space | 109.73 Gb Free Space | 96.31% Space Free | Partition Type: NTFS
Drive X: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive Y: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS

Computer Name: VIPER | User Name: Christie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/20 09:42:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\christie\Desktop\OTL.exe
PRC - [2010/10/15 09:29:47 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/01/08 07:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 15:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/02/26 09:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/05 14:57:10 | 000,078,336 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2008/02/05 14:56:56 | 000,232,960 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/24 18:12:48 | 001,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/01/23 02:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/11/08 14:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/20 09:42:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\christie\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/26 10:24:08 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/02/05 14:56:56 | 000,232,960 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/23 02:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\christie\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/16 13:48:40 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/15 05:30:55 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/15 05:30:51 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/21 16:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/03 12:24:42 | 000,055,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/03/03 12:24:24 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MfeRKDK.sys -- (MfeRKDK)
DRV - [2009/03/03 12:23:54 | 000,213,768 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/03 12:23:36 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MfeBOPK.sys -- (MfeBOPK)
DRV - [2009/03/03 12:23:30 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MfeAVFK.sys -- (MfeAVFK)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/03 20:11:04 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/24 18:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/09/24 18:12:48 | 000,307,712 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/07/23 17:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/06/28 14:21:38 | 005,761,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/01 12:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 15:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/04/13 12:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/15 04:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 04:00:00 | 000,002,944 | ---- | M] (DameWare Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080819
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080819

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/10/19 12:26:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([onecare] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219421388208 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse.com/games/chuzzle/popcaploader.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hooverstraining.webex.com/client/T26L/training/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Protiro.Local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\christie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\christie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/20 09:41:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\christie\Desktop\OTL.exe
[2010/10/20 08:22:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/19 12:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\christie\Desktop\Dot Hill Training Materials
[2010/10/19 12:23:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/19 12:19:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/19 12:19:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/19 12:19:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/19 12:19:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/19 12:19:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/19 12:11:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/15 08:05:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/10/08 08:31:26 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/07 16:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/07 16:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/07 15:38:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/10/07 14:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/07 14:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/07 13:27:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/07 13:27:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/07 13:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/07 13:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/07 12:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\christie\Application Data\Malwarebytes
[2010/10/07 12:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes(2)
[2010/10/07 10:15:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/09/22 13:51:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\christie\IECompatCache
[2010/09/10 12:18:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\christie\PrivacIE
[2010/09/10 12:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/09/10 12:17:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\christie\IETldCache
[2010/09/10 12:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/10 12:14:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/09/10 12:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/09/10 12:11:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/09/10 12:11:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/09/03 08:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/30 08:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/29 09:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\christie\Local Settings\Application Data\Temp
[2010/07/29 08:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/29 08:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/20 09:42:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\christie\Desktop\OTL.exe
[2010/10/20 08:00:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/20 07:59:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/20 07:59:56 | 2101,981,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 12:26:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/19 12:23:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/19 12:19:19 | 003,880,681 | R--- | M] () -- C:\Documents and Settings\christie\Desktop\ComboFix.exe
[2010/10/18 13:27:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\Local Farm Fresh Eggs Ad.doc
[2010/10/18 08:21:35 | 000,002,966 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\Attach.zip
[2010/10/18 08:13:21 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\dds.scr
[2010/10/18 08:04:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\christie\defogger_reenable
[2010/10/15 10:06:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/15 10:00:08 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\HiJackThis.lnk
[2010/10/15 08:48:31 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\christie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/10/15 08:48:27 | 000,384,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/15 08:48:27 | 000,054,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 08:47:32 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 08:05:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 15:36:56 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\Sample Rates for IC at McKesson.xls
[2010/10/13 14:59:38 | 000,202,416 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\VOE, Kat Cicak.pdf
[2010/10/13 13:16:40 | 000,252,928 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\Copy of Parker Job - 10-13-10.xls
[2010/10/12 17:01:30 | 000,252,928 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\Copy of Parker Job - 10-12-10.xls
[2010/10/08 08:31:26 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/07 16:13:43 | 000,063,374 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\cc_20101007_161324.reg
[2010/10/07 13:40:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/10/07 10:46:02 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\PTO Audit.xls
[2010/09/29 08:05:05 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\Trillian.lnk
[2010/09/22 14:14:14 | 000,395,654 | ---- | M] () -- C:\Documents and Settings\christie\Desktop\Bells.JPG
[2010/09/15 17:08:21 | 000,067,078 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Cicak, Katarina 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:36:11 | 000,066,950 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Altomare, Fabio 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:58 | 000,068,538 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Rowe, Mary 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:50 | 000,068,588 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Rentz, Ross 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:41 | 000,066,994 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Zabow, Gary 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:33 | 000,066,981 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Xu, YiZI 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:25 | 000,067,037 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Wingard, Meaghan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:17 | 000,067,080 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Watkins, Cherisse 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:09 | 000,067,062 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Walowitz, Nathan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:30:01 | 000,068,622 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Van Lanen, Jeffrey 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:29:51 | 000,068,603 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Sullivan, Steve 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:29:43 | 000,067,016 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Schwartz, Mark 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:29:34 | 000,068,630 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Schmidt, Daniel 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:29:26 | 000,067,028 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Schima, Susan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:29:17 | 000,068,600 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Schima, Frank 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:29:00 | 000,067,032 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Hurst, Katherine 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:28:50 | 000,068,593 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Hati, Archita 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:28:42 | 000,067,042 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Haakinson, Eldon 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:28:32 | 000,068,574 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Gu, Dazhen 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:28:24 | 000,067,023 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Goldstein, Nikki 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:28:14 | 000,068,626 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Gerrits, Thomas 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:28:05 | 000,068,578 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Geiss, Roy 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:27:57 | 000,068,581 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Fujita, Chris 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:27:48 | 000,066,997 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Fortier, Tara 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:27:40 | 000,068,575 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Fell, Rachel 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:27:32 | 000,067,043 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Farhoodi, Farnaz 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:27:23 | 000,067,020 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Everett, Kerry 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:27:14 | 000,067,028 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Eardley, Matthew 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:27:05 | 000,067,112 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Doriese, William _Randy_ 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:26:55 | 000,067,050 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Dodson, Christopher 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:26:47 | 000,068,601 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Coddington, Ian 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:26:30 | 000,067,044 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Chou, Chin-Wen 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:26:19 | 000,068,704 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Cho, Hsiao-Mei _Sherry_ 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:26:11 | 000,068,635 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Chiang, Chin-Jen 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:26:01 | 000,067,019 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Chang, Edward 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:25:52 | 000,068,601 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Brown, Kenton 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:25:44 | 000,068,600 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Bronstein, Noah 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:25:36 | 000,067,025 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Braje, Danielle 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:25:27 | 000,067,017 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Blanchard, Paul 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:25:17 | 000,068,594 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Bickman, Sarah 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:25:08 | 000,067,015 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Axelrod, Keith, 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:25:00 | 000,068,596 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Preusser, Jan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:24:50 | 000,067,012 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Pomper, William 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:24:41 | 000,067,018 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Penczek, John 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:24:33 | 000,067,046 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Oreskovic, Tammy 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:24:25 | 000,068,579 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Olbrich, Emil 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:24:16 | 000,067,012 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Olaya, David 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:23:51 | 000,066,986 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Nembach, Hans 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:23:42 | 000,066,995 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Muhle, Cindy 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:23:33 | 000,067,054 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\McColskey, David 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:23:25 | 000,067,020 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Lita, Adriana 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:23:17 | 000,068,607 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Krinsky, Jeff 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:23:08 | 000,067,033 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Kotsubo, Vincent 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:23:00 | 000,068,600 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Jeerage, Kavita 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 16:22:04 | 000,067,050 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Appleton, Paul 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:23:55 | 000,013,338 | ---- | M] () -- C:\Documents and Settings\christie\My Documents\Profit Share Contribution letter Template 9-10.pdf
[2010/09/10 12:17:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\christie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/30 09:17:19 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\christie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 08:13:28 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\christie\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/30 08:13:28 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/19 12:23:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/19 12:23:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/19 12:19:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/19 12:19:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/19 12:19:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/19 12:19:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/19 12:19:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/19 12:19:08 | 003,880,681 | R--- | C] () -- C:\Documents and Settings\christie\Desktop\ComboFix.exe
[2010/10/18 13:27:36 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\Local Farm Fresh Eggs Ad.doc
[2010/10/18 08:21:35 | 000,002,966 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\Attach.zip
[2010/10/18 08:13:19 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\dds.scr
[2010/10/18 08:04:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\christie\defogger_reenable
[2010/10/15 10:16:35 | 2101,981,184 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/15 10:06:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/14 15:36:56 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\Sample Rates for IC at McKesson.xls
[2010/10/13 14:59:38 | 000,202,416 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\VOE, Kat Cicak.pdf
[2010/10/13 13:16:40 | 000,252,928 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\Copy of Parker Job - 10-13-10.xls
[2010/10/12 17:01:30 | 000,252,928 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\Copy of Parker Job - 10-12-10.xls
[2010/10/08 09:06:13 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\HiJackThis.lnk
[2010/10/07 16:13:29 | 000,063,374 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\cc_20101007_161324.reg
[2010/10/07 13:40:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/10/07 10:46:02 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\PTO Audit.xls
[2010/09/22 17:02:16 | 000,395,654 | ---- | C] () -- C:\Documents and Settings\christie\Desktop\Bells.JPG
[2010/09/15 16:35:53 | 000,066,950 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Altomare, Fabio 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:30:44 | 000,067,054 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\McColskey, David 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:30:36 | 000,067,020 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Lita, Adriana 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:30:26 | 000,068,607 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Krinsky, Jeff 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:30:18 | 000,067,033 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Kotsubo, Vincent 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:30:10 | 000,068,600 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Jeerage, Kavita 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:30:02 | 000,067,032 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Hurst, Katherine 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:29:54 | 000,068,593 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Hati, Archita 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:29:46 | 000,067,042 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Haakinson, Eldon 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:29:38 | 000,068,574 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Gu, Dazhen 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:29:29 | 000,067,023 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Goldstein, Nikki 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:29:19 | 000,068,626 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Gerrits, Thomas 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:29:12 | 000,068,578 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Geiss, Roy 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:29:03 | 000,068,581 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Fujita, Chris 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:28:55 | 000,066,997 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Fortier, Tara 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:28:46 | 000,068,575 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Fell, Rachel 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:28:37 | 000,067,043 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Farhoodi, Farnaz 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:28:30 | 000,067,020 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Everett, Kerry 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:28:20 | 000,067,028 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Eardley, Matthew 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:28:11 | 000,067,112 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Doriese, William _Randy_ 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:28:01 | 000,067,050 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Dodson, Christopher 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:27:52 | 000,068,601 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Coddington, Ian 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:27:44 | 000,067,078 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Cicak, Katarina 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:27:12 | 000,068,635 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Chiang, Chin-Jen 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:27:03 | 000,067,019 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Chang, Edward 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:26:55 | 000,068,601 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Brown, Kenton 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:26:46 | 000,068,600 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Bronstein, Noah 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:26:37 | 000,067,025 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Braje, Danielle 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:26:28 | 000,067,017 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Blanchard, Paul 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:26:18 | 000,068,594 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Bickman, Sarah 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:26:09 | 000,067,015 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Axelrod, Keith, 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:26:01 | 000,067,050 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Appleton, Paul 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:25:52 | 000,066,994 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Zabow, Gary 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:25:39 | 000,066,981 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Xu, YiZI 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:25:30 | 000,067,037 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Wingard, Meaghan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:25:21 | 000,067,080 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Watkins, Cherisse 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:25:14 | 000,067,062 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Walowitz, Nathan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:25:05 | 000,068,622 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Van Lanen, Jeffrey 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:24:58 | 000,068,603 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Sullivan, Steve 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:24:49 | 000,067,016 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Schwartz, Mark 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:24:40 | 000,068,630 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Schmidt, Daniel 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:24:31 | 000,067,028 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Schima, Susan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:24:22 | 000,068,600 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Schima, Frank 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:24:12 | 000,068,538 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Rowe, Mary 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:24:02 | 000,068,588 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Rentz, Ross 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:23:54 | 000,013,338 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Profit Share Contribution letter Template 9-10.pdf
[2010/09/15 15:23:44 | 000,068,596 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Preusser, Jan 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:23:35 | 000,067,012 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Pomper, William 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:23:27 | 000,067,018 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Penczek, John 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:23:18 | 000,067,046 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Oreskovic, Tammy 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:23:08 | 000,068,579 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Olbrich, Emil 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:22:57 | 000,067,012 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Olaya, David 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:22:46 | 000,066,986 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Nembach, Hans 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:22:21 | 000,066,995 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Muhle, Cindy 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:16:54 | 000,067,044 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Chou, Chin-Wen 401k Q3_Q4 2009 Letter.pdf
[2010/09/15 15:16:47 | 000,068,704 | ---- | C] () -- C:\Documents and Settings\christie\My Documents\Cho, Hsiao-Mei _Sherry_ 401k Q3_Q4 2009 Letter.pdf
[2010/08/30 09:17:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\christie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 08:13:28 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\christie\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/30 08:13:28 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/01/11 15:42:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\External Build System
[2010/01/11 15:42:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\christie\Application Data\Equalizer
[2010/01/11 15:42:32 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/11 15:42:32 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Flange Saw
[2009/11/16 09:02:23 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\christie\Application Data\setup_ldm.iss
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 16:57:24 | 000,000,314 | ---- | C] () -- C:\WINDOWS\AR8PS.INI
[2009/05/27 10:19:34 | 000,000,576 | ---- | C] () -- C:\WINDOWS\DESI.INI
[2008/08/22 10:02:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/19 07:19:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/19 07:15:46 | 000,131,066 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/08/19 06:59:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/08/19 06:58:42 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/28 04:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 02:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/11 15:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/11 15:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/06/23 16:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/01/11 15:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/06/25 12:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/09/18 11:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christie\Application Data\KompoZer
[2009/09/11 12:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christie\Application Data\Leadertech
[2010/01/11 15:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christie\Application Data\Nikon
[2010/01/05 09:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christie\Application Data\Softland

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2010/10/15 09:29:47 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=7D89F00A1D91B7C15036ACEC977E32BD -- C:\WINDOWS\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2010/10/15 09:30:44 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=3FC15946D03850C2BCE7FFBA7C86C2C6 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\winlogon.exe

< >

< End of report >


Here is the Extras.Txt log:

OTL Extras logfile created on: 10/20/2010 9:42:30 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\christie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.41 Gb Total Space | 58.71 Gb Free Space | 78.90% Space Free | Partition Type: NTFS
Drive G: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive P: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive Q: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive R: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive S: | 113.94 Gb Total Space | 109.73 Gb Free Space | 96.31% Space Free | Partition Type: NTFS
Drive X: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS
Drive Y: | 146.49 Gb Total Space | 59.74 Gb Free Space | 40.78% Space Free | Partition Type: NTFS

Computer Name: VIPER | User Name: Christie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53183B25-FBDC-4B95-856A-DCDD69DFEE18}" = Intel® PRO Alerting Agent
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DESI Labeling System" = DESI Labeling System
"doPDF 7 printer_is1" = doPDF 7.0 printer
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SearchAssist" = SearchAssist
"StaffSoft Network Client" = StaffSoft Network Client
"Trillian" = Trillian
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2010 11:18:52 AM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Bamital!inf in File: c:\windows\system32\winlogon.exe
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 10/15/2010 11:18:53 AM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Bamital!inf in File: c:\windows\system32\winlogon.exe
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
Risk was partially removed.

Error - 10/15/2010 11:19:19 AM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Bamital!inf in File: c:\windows\system32\winlogon.exe
by: Defwatch scan. Action: Clean failed. Action Description: The file was left
unchanged.

Error - 10/15/2010 11:19:20 AM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Bamital!inf in File: c:\windows\system32\winlogon.exe
by: Defwatch scan. Action: Clean was partially successful.. Action Description:
Clean was partially successful.

Error - 10/15/2010 11:29:47 AM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Bamital!inf in File: C:\WINDOWS\explorer.exe
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 10/15/2010 11:31:19 AM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Bamital!inf in File: C:\WINDOWS\system32\winlogon.exe
by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description:
The file was repaired successfully.

Error - 10/15/2010 12:06:40 PM | Computer Name = VIPER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/19/2010 2:11:36 PM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 5836) Time: Tuesday, October 19, 2010 12:11:36
PM

Error - 10/19/2010 2:13:47 PM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 4776) Time: Tuesday, October 19, 2010 12:13:47
PM

Error - 10/19/2010 2:19:32 PM | Computer Name = VIPER | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.exe (PID 3500) Time: Tuesday, October 19, 2010 12:19:32
PM

[ System Events ]
Error - 10/20/2010 10:25:06 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\christie\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 10/20/2010 10:26:33 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/20/2010 10:26:33 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 10/20/2010 10:26:33 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\christie\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 10/20/2010 10:27:35 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/20/2010 10:27:35 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 10/20/2010 10:27:35 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\christie\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 10/20/2010 10:31:13 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/20/2010 10:31:13 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 10/20/2010 10:31:13 AM | Computer Name = VIPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\christie\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .


< End of report >

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Gender: Male, Location: Puerto rico)

Posted 20 October 2010 - 11:34 AM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open BlitzBlank.exe.

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
C:\Windows\explorer.exe
C:\WINDOWS\system32\winlogon.exe
MoveFile:
C:\explorer.exe C:\Windows\explorer.exe
C:\winlogon.exe C:\WINDOWS\system32\winlogon.exe
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 ChristieF1111 (Topic Starter, Members, 10 posts)

Posted 20 October 2010 - 03:05 PM

Hi Gringo,

Here is the BlitzBlank report:

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\explorer.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\winlogon.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\winlogon.exe", destinationFile = "\??\c:\windows\system32\winlogon.exe", replaceWithDummy = 0

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Gender: Male, Location: Puerto rico)

Posted 20 October 2010 - 03:27 PM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

DDS::
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 ChristieF1111 (Topic Starter, Members, 10 posts)

Posted 20 October 2010 - 04:07 PM

Hi Gringo,

Here is the new ComboFix log:

ComboFix 10-10-18.06 - Christie 10/20/2010 15:01:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1358 [GMT -6:00]
Running from: c:\documents and settings\christie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\christie\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-14 14:09 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 14:09 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 14:09 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 14:09 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 15:06 . 2010-10-08 15:06 388096 ----a-r- c:\documents and settings\christie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-08 14:31 . 2010-10-08 14:31 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-07 22:33 . 2010-10-07 22:33 -------- d-----w- c:\program files\Trend Micro
2010-10-07 22:11 . 2010-10-07 22:11 -------- d-----w- c:\program files\CCleaner
2010-10-07 21:38 . 2010-10-07 21:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-07 20:51 . 2010-10-07 20:57 -------- d-----w- c:\program files\Windows Live Safety Center
2010-10-07 20:25 . 2010-10-07 20:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-07 19:46 . 2010-10-07 19:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-07 19:27 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 19:27 . 2010-10-07 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-07 19:27 . 2010-10-07 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-07 19:27 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 19:23 . 2010-10-07 19:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-07 18:40 . 2010-10-07 18:40 -------- d-----w- c:\documents and settings\christie\Application Data\Malwarebytes
2010-09-29 23:01 . 2010-09-29 23:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-22 19:51 . 2010-09-22 19:51 -------- d-sh--w- c:\documents and settings\christie\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-10-19_18.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-20 20:02 . 2010-10-20 20:02 16384 c:\windows\Temp\Perflib_Perfdata_2f8.dat
+ 2004-08-11 22:00 . 2010-10-20 20:02 507904 c:\windows\system32\winlogon.exe
- 2004-08-11 22:00 . 2010-10-15 15:30 507904 c:\windows\system32\winlogon.exe
+ 2004-08-11 22:00 . 2010-10-20 20:02 1033728 c:\windows\explorer.exe
- 2004-08-11 22:00 . 2010-10-15 15:29 1033728 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-02-05 78336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-11 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 4:00 AM 26624]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 2:58 AM 133968]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 4:00 AM 2944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:11 AM 102448]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [8/21/2008 2:57 PM 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [8/21/2008 2:57 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {54503BA6-8EB2-4A75-9E5B-B85A794DBD7F} = 10.1.1.200
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-10-20 15:05:05
ComboFix-quarantined-files.txt 2010-10-20 21:05
ComboFix2.txt 2010-10-19 18:27

Pre-Run: 62,979,325,952 bytes free
Post-Run: 62,956,400,640 bytes free

- - End Of File - - 99E8B7D7D134685757ABFF5597E094D0

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 20 October 2010 - 04:17 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.1
Java™ 6 Update 5
Java™ 6 Update 7


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 ChristieF1111

ChristieF1111
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:56 AM

Posted 20 October 2010 - 04:50 PM

Ok Gringo,

Here is the MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4895

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/20/2010 3:42:45 PM
mbam-log-2010-10-20 (15-42-45).txt

Scan type: Quick scan
Objects scanned: 186532
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And the Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:49:36 PM, on 10/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080819
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219421388208
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/chuzzle/popcaploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hooverstraining.webex.com/client/T26L/training/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Protiro.Local
O17 - HKLM\Software\..\Telephony: DomainName = Protiro.Local
O17 - HKLM\System\CCS\Services\Tcpip\..\{54503BA6-8EB2-4A75-9E5B-B85A794DBD7F}: NameServer = 10.1.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Protiro.Local
O17 - HKLM\System\CS1\Services\Tcpip\..\{54503BA6-8EB2-4A75-9E5B-B85A794DBD7F}: NameServer = 10.1.1.200
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Protiro.Local
O17 - HKLM\System\CS2\Services\Tcpip\..\{54503BA6-8EB2-4A75-9E5B-B85A794DBD7F}: NameServer = 10.1.1.200
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12080 bytes
