Multiple Vir symptoms


35 replies to this topic

#1 Frazzled1

Frazzled1

  • Members
  • 110 posts
  • OFFLINE
  • Local time:12:59 PM

Posted 07 November 2010 - 01:14 PM

Hello, and thanks in advance. This may be a bit wordy, but I have been working for a couple of days on my own to fix this. I hope I haven't screwed things up too badly in doing so. About 3 days ago, AVG and Windows Firewall stopped working. Also, I could not log on to the internet. I am using a wireless connection.

I tried System Restore, but all my restore points were corrupted. Then I uninstalled AVG, thinking maybe it was corrupted and was blocking things. Same results.

I started by trying "netsh firewall reset" and "netsh winsock reset", to no avail. I looked at my services and the Windows ICS service was not started; when I tried to start it manually I received an error 2, "cannot find the file specified".

ipconfig reports an internal error: request not supported.
I then downloaded and ran WinsockFix, LSPFix, and sharedaccess.reg. None of which worked. I then suspected a virus and ran the latest Dr.Web CureIt program, and it promptly found a Trojan, Backdoor.Tdss.2459, which it removed. I googled this from another machine and also downloaded and ran TDSSKiller, which found nothing.

I followed all this up with safe mode scans by Spybot S&D, MBAM, and SAS; logs to accompany. As of this posting, I still cannot activate the Microsoft firewall, nor connect to the internet, even though the system tray icon says I have a good connection. Oh, and boot-up also takes several minutes longer while XP is trying to start those stopped services.
I hope this is repairable as I am very frustrated by now.


DDS (Ver_10-11-05.01) - NTFSx86
Run by Rudy at 11:33:42.85 on Sun 11/07/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1286 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rudy\My Documents\Diagnostic\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoCommonGroups = 0 (0x0)
mPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
mPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: DisableMyPicturesDirChange = 0 (0x0)
mPolicies-explorer: DisableMyMusicDirChange = 0 (0x0)
mPolicies-explorer: DisableFavoritesDirChange = 0 (0x0)
mPolicies-explorer: GreyMSIAds = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
IE: E&xport to Microsoft Excel
IE: Yahoo! Dictionary
IE: Yahoo! Search
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rudy\applic~1\mozilla\firefox\profiles\18f9hcsv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-11-12 144984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 TSKNF900.SYS;TSKNF900.SYS;c:\windows\system32\drivers\Tsknf900.sys [2009-10-26 17672]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2009-11-12 645248]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-11-06 19:13:58 388096 ----a-r- c:\docume~1\rudy\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-06 19:13:57 -------- d-----w- c:\program files\Trend Micro
2010-11-05 19:37:55 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-11-05 19:35:35 -------- d-----w- c:\windows\ERUNT
2010-11-05 01:59:34 -------- d-----w- c:\program files\Resource Kit
2010-11-03 20:03:53 -------- d--h--w- c:\windows\PIF
2010-11-02 19:13:53 -------- d-----w- C:\ERDNT
2010-10-30 22:09:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-30 22:09:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-29 23:17:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2010-11-07 16:21:42 524252 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-09-18 17:23:26 974848 ---ha-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ---ha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ---ha-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ---ha-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ---ha-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ---ha-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ---ha-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ---ha-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ---ha-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ---ha-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ---ha-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 11:34:11.65 ===============
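In the DDS log above, each service or driver line starts with a state letter (R running, S stopped) and a start-type digit (0 boot, 1 system, 2 auto, 3 manual), and DDS marks a binary it could not find on disk with "[?]" at the end of the line (the SBRE entry is the one case here); toolbar (TB) and explorer-bar (EB) entries that are still registered in Internet Explorer but have no backing file end in "No File". The Python script below is an added example for this thread, not part of DDS, of any poster's tools, or of anything the helpers asked for: it pulls exactly those entries out of a log so they can be reviewed as a short list instead of being scanned by eye. The sample input is a constructed copy of a few lines from the log above (the stopped, system-start SBRE driver whose file is missing, two orphaned toolbar CLSIDs, and healthy entries for contrast).

```python
r"""Pull 'file missing' entries out of a DDS log.

Added example for this thread; not part of DDS, OTL, or any poster's tools.
Input format assumptions (taken from the DDS log in the first post):
  service/driver lines:  R2 Name;Description;path [date size]
                         S1 Name;Description;path --> path [?]    (file not found)
  browser lines:         TB: {CLSID} - No File
                         EB: Display Name: {CLSID} - c:\path\to\file.dll
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# First two characters of a DDS service line: state letter, then start-type digit.
STATE = {"R": "running", "S": "stopped"}
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
BROWSER_RE = re.compile(r"^(TB|EB|BHO): (?:(.+?): )?\{([0-9A-Fa-f-]{36})\} - (.*)$")


@dataclass
class Finding:
    kind: str    # "service" or "browser"
    name: str    # service name, or display name / CLSID for browser entries
    detail: str  # missing path, or the CLSID
    reason: str


def parse_service(line: str) -> Optional[Finding]:
    """Return a Finding for a service/driver line whose binary DDS marked '[?]'."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, _desc, rest = m.groups()
    rest = rest.rstrip()
    if not rest.endswith("[?]"):
        return None  # DDS found the file and printed its date and size instead
    # "registered path --> resolved path [?]": keep the path DDS actually looked for
    path = rest.split(" --> ")[-1].rsplit(" [", 1)[0]
    return Finding("service", name, path,
                   f"{STATE[state]}, start={START_TYPE[start]}, binary missing")


def parse_browser(line: str) -> Optional[Finding]:
    """Return a Finding for a TB/EB/BHO entry that is registered but backed by no file."""
    m = BROWSER_RE.match(line)
    if not m:
        return None
    kind, desc, clsid, target = m.groups()
    if target.strip() != "No File":
        return None
    return Finding("browser", desc or f"{kind} {{{clsid}}}", clsid,
                   "registered in IE but no file on disk")


def triage(log_text: str) -> List[Finding]:
    """Scan a whole log and return the entries worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        f = parse_service(raw.strip()) or parse_browser(raw.strip())
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample: lines copied from the DDS log in this thread, nothing else.
SAMPLE_DDS = r"""
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-11-12 144984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.name}: {f.reason} ({f.detail})")
```

A hit is a lead, not a verdict: orphaned toolbar CLSIDs and driver entries whose file is gone are routinely left behind by uninstalled software and security tools, and the log tells you a binary is missing, not who removed it. The same "file is missing" reading applies to the symptom in the first post: the service the poster calls Windows ICS is SharedAccess, and a start failure with error 2 ("cannot find the file specified") means the Service Control Manager could not load something the service's registry entry points at. On the affected machine, "sc qc SharedAccess" at a command prompt shows the configured image path, and since SharedAccess is hosted by svchost.exe, the file that actually has to exist is the ServiceDll value under the service's Parameters key.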


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:01:59 PM

Posted 14 November 2010 - 09:26 AM

Hello Frazzled1

Welcome to BleepingComputer :)

Please give details on how the machine is running now, and what problems or improvements there are in the system.
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#3 Frazzled1

Frazzled1
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  • Local time:12:59 PM

Posted 14 November 2010 - 06:10 PM

Hello,
OK, the computer is running the same, as far as I can tell. Still unable to initialize Windows Firewall and/or connect to the internet. Still an internal error when I run ipconfig. Otherwise it seems to be running fine, with the exception that Explorer cannot find my Windows\system32 folder. It must be there or the computer wouldn't run. Every program works fine unless it needs to connect to the internet; then that part produces an error. Below are the files you requested.
Hmmm, seems as if there is no extras.txt, only a duplicate of the OTL.txt. I renamed it to Extrasrun2.txt.

OTL logfile created on: 11/14/2010 4:14:31 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rudy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 7.33 Gb Free Space | 21.44% Space Free | Partition Type: NTFS

Computer Name: RUDYS | User Name: Rudy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rudy\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\AstSrv.exe ( Advanced Software Technologies)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rudy\desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (EBOOSTRSVC) -- C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)
SRV - (astcc) -- C:\WINDOWS\system32\AstSrv.exe ( Advanced Software Technologies)


========== Driver Services (SafeList) ==========

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys File not found
DRV - (SBRE) -- C:\WINDOWS\System32\drivers\SBREDrv.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Rudy\LOCALS~1\Temp\catchme.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (eBoost) -- C:\WINDOWS\system32\drivers\eBoost.sys (eBoostr.com)
DRV - (TSKNF900.SYS) -- C:\WINDOWS\system32\drivers\Tsknf900.sys (Igor Arsenin)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydial/*http://www.yahoo.com/search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/15 10:51:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 14:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/13 10:35:33 | 000,000,000 | ---D | M]

[2009/06/22 08:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Extensions
[2010/10/28 10:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions
[2010/09/11 14:59:32 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/21 18:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/06/09 14:35:28 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/09/11 14:59:33 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/07/02 10:12:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/10/18 09:47:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/19 13:39:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/07 09:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/24 15:41:45 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/07/02 10:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\artur.dubovoy@gmail(2).com
[2010/08/30 14:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\tineye@ideeinc.com
[2010/11/13 10:35:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 10:35:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/13 10:35:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/05 14:46:13 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableMyPicturesDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableMyMusicDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableFavoritesDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoCommonGroups = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab (ActiveWebParts Illustration Viewer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rudy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rudy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 16:13:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudy\Desktop\OTL.exe
[2010/11/14 16:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\Desktop\OldLogs
[2010/11/13 18:31:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/13 10:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/13 10:35:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/13 10:35:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/13 10:35:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/13 10:35:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/11 08:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\Local Settings\Application Data\PCHealth
[2010/11/11 08:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/11/11 08:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/06 16:52:35 | 004,465,104 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Rudy\Desktop\SASDEFINITIONS.EXE
[2010/11/06 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/05 13:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\Application Data\WinRAR
[2010/11/05 13:37:55 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/11/05 13:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/11/05 11:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/05 11:43:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/05 10:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\My Documents\Diagnostic
[2010/11/04 19:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Kit
[2010/11/03 14:03:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/11/03 14:01:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rudy\Recent
[2010/11/02 13:13:53 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/10/29 17:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[1998/08/24 09:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 17:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudy\Desktop\OTL.exe
[2010/11/14 17:02:18 | 003,909,871 | ---- | M] () -- C:\Documents and Settings\Rudy\Desktop\Commy.exe
[2010/11/14 16:10:01 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/14 16:04:41 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/11/14 16:04:33 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 16:04:30 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 16:04:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 10:35:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/13 10:35:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/13 10:35:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/13 10:35:09 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/13 10:35:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/07 11:33:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rudy\defogger_reenable
[2010/11/06 17:45:42 | 004,465,104 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Rudy\Desktop\SASDEFINITIONS.EXE
[2010/11/05 14:46:13 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/11/05 13:37:55 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/11/03 06:39:14 | 000,002,937 | ---- | M] () -- C:\Documents and Settings\Rudy\Desktop\sharedaccess1.reg
[2010/11/02 13:25:18 | 000,798,760 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\OneCareFirewallRepair1.exe
[2010/10/31 21:36:54 | 000,000,131 | ---- | M] () -- C:\WINDOWS\CRC.INI
[2010/10/31 21:31:58 | 000,005,610 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\cc_20101031_223142.reg
[2010/10/28 16:47:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\prvlcl.dat
[2010/10/28 14:30:46 | 000,003,560 | ---- | M] () -- C:\Documents and Settings\Rudy\Application Data\wklnhst.dat
[2010/10/28 11:44:19 | 000,051,600 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\flood-information-flyer-07-26-2010.pdf
[2010/10/23 14:54:03 | 004,316,673 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\01-06-092 F09 Cust PartsMan.pdf
[2010/10/23 14:54:02 | 005,091,587 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\01-06-091_F09_OM.pdf
[2010/10/23 09:04:32 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\4066spec.doc
[2010/10/23 09:04:23 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\4065spec_1_.doc
[2010/10/23 08:59:33 | 000,053,730 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\MasonryWallRepair.pdf
[2010/10/23 08:48:55 | 000,041,246 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\MinPinTwiggyFullGrown.jpg
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/18 11:41:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\DefragExpress.job
[2010/10/18 10:17:36 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Rudy\Desktop\Shortcut to mpnex20.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 16:13:22 | 003,909,871 | ---- | C] () -- C:\Documents and Settings\Rudy\Desktop\Commy.exe
[2010/11/11 08:51:01 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/07 11:33:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rudy\defogger_reenable
[2010/11/05 14:50:38 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 20:08:18 | 000,798,760 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\OneCareFirewallRepair1.exe
[2010/11/03 13:30:53 | 000,002,937 | ---- | C] () -- C:\Documents and Settings\Rudy\Desktop\sharedaccess1.reg
[2010/10/31 21:31:57 | 000,005,610 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\cc_20101031_223142.reg
[2010/10/28 11:44:19 | 000,051,600 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\flood-information-flyer-07-26-2010.pdf
[2010/10/23 14:54:02 | 004,316,673 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\01-06-092 F09 Cust PartsMan.pdf
[2010/10/23 14:54:01 | 005,091,587 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\01-06-091_F09_OM.pdf
[2010/10/23 09:04:31 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\4066spec.doc
[2010/10/23 09:04:22 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\4065spec_1_.doc
[2010/10/23 08:59:32 | 000,053,730 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\MasonryWallRepair.pdf
[2010/10/23 08:48:40 | 000,041,246 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\MinPinTwiggyFullGrown.jpg
[2010/10/18 10:17:36 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Rudy\Desktop\Shortcut to mpnex20.lnk
[2010/07/10 19:18:43 | 000,206,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/08 11:25:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\prvlcl.dat
[2010/02/06 19:12:16 | 000,009,328 | -HS- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\qAbWac8
[2010/01/28 12:37:38 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/28 11:44:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/28 11:40:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/01/16 14:06:59 | 000,376,894 | ---- | C] () -- C:\WINDOWS\System32\PCDiagCPU.dll
[2010/01/16 14:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PCDiagNICTest.dll
[2010/01/16 14:06:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PCDiagMem.dll
[2010/01/16 14:06:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PCDUtils.dll
[2010/01/16 14:06:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PCDiagSerial.dll
[2010/01/16 14:06:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PCDiagDRV.dll
[2010/01/16 14:06:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\PCDiagDisc.dll
[2009/10/26 10:56:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\housecall.guid.cache
[2009/07/24 12:31:08 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/07/24 12:31:08 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/04/16 16:05:45 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/03/30 13:57:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/25 18:31:43 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2009/03/24 11:42:23 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/03/24 11:42:01 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/02/24 12:00:49 | 000,003,560 | ---- | C] () -- C:\Documents and Settings\Rudy\Application Data\wklnhst.dat
[2007/06/04 16:03:27 | 000,022,722 | ---- | C] () -- C:\WINDOWS\BOC423.INI
[2006/10/14 12:24:16 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/18 10:27:15 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/04/21 10:28:51 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rudy\Application Data\PFP120JPR.{PB
[2005/04/21 10:28:51 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rudy\Application Data\PFP120JCM.{PB
[2005/03/11 01:43:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 01:40:30 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 01:11:28 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/03/11 01:11:14 | 000,000,375 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:03:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/14 13:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/09/05 15:05:16 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\symplisc.dll
[1999/09/22 14:03:54 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL

========== LOP Check ==========

[2007/06/04 16:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC423
[2009/04/26 14:50:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/04/17 09:19:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/04/28 09:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CraigsPal
[2010/01/11 19:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/11/14 16:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eboostr
[2010/04/26 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/02/03 16:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2010/02/03 10:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keepsoft
[2010/11/03 14:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/12 17:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Modern Investment Technologies
[2009/04/16 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/16 12:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2010/03/14 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/18 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\AcuteFinder
[2009/04/17 09:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Canon
[2009/08/28 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\ChemTable Software
[2010/02/03 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\com.innovizta.InnoSlice.9F6B6DB100F82DE5873947034FAFA47ACBB18B35.1
[2010/09/08 17:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\CyberDefender
[2010/07/02 10:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\DeepBurner
[2010/05/04 09:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\DeviceDoctorSoftware
[2010/01/11 19:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\DriverCure
[2010/01/18 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Duplicate File Hunter
[2010/01/18 10:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Easy Duplicate Finder
[2010/07/10 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\GetRightToGo
[2010/08/09 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\GlarySoft
[2010/05/07 10:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\ImgBurn
[2010/07/18 11:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\InfraRecorder
[2010/02/09 17:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Keepsoft
[2005/07/26 10:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Leadertech
[2010/02/04 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\MechCAD
[2010/03/14 16:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Money Manager Ex
[2009/04/16 16:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\NewSoft
[2009/10/05 08:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Opera
[2010/09/19 09:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Philipp Winterberg
[2010/06/30 08:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\QuuSoft
[2010/01/18 10:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Reasonable Software House Ltd
[2009/04/16 16:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\ScanSoft
[2009/03/31 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\StarOffice
[2009/03/11 16:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Template
[2010/05/08 09:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\TweakNow RegCleaner
[2010/06/30 07:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Uniblue
[2010/10/18 11:41:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\DefragExpress.job
[2010/11/14 16:04:41 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/11/14 16:10:01 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 861 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FCD643
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Rudy\My Documents\PAVARK.exe:License
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL logfile created on: 11/14/2010 4:14:31 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rudy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 7.33 Gb Free Space | 21.44% Space Free | Partition Type: NTFS

Computer Name: RUDYS | User Name: Rudy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rudy\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\AstSrv.exe ( Advanced Software Technologies)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rudy\desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (EBOOSTRSVC) -- C:\Program Files\eBoostr\EBstrSvc.exe (eBoostr.com)
SRV - (astcc) -- C:\WINDOWS\system32\AstSrv.exe ( Advanced Software Technologies)


========== Driver Services (SafeList) ==========

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys File not found
DRV - (SBRE) -- C:\WINDOWS\System32\drivers\SBREDrv.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Rudy\LOCALS~1\Temp\catchme.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (eBoost) -- C:\WINDOWS\system32\drivers\eBoost.sys (eBoostr.com)
DRV - (TSKNF900.SYS) -- C:\WINDOWS\system32\drivers\Tsknf900.sys (Igor Arsenin)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydial/*http://www.yahoo.com/search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/15 10:51:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 14:27:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/13 10:35:33 | 000,000,000 | ---D | M]

[2009/06/22 08:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Extensions
[2010/10/28 10:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions
[2010/09/11 14:59:32 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/21 18:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/06/09 14:35:28 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/09/11 14:59:33 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/07/02 10:12:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/10/18 09:47:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/19 13:39:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/07 09:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/24 15:41:45 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/07/02 10:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\artur.dubovoy@gmail(2).com
[2010/08/30 14:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\extensions\tineye@ideeinc.com
[2010/11/13 10:35:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 10:35:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/13 10:35:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/05 14:46:13 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableMyPicturesDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableMyMusicDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableFavoritesDirChange = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoCommonGroups = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab (ActiveWebParts Illustration Viewer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rudy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rudy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 16:13:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudy\Desktop\OTL.exe
[2010/11/14 16:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\Desktop\OldLogs
[2010/11/13 18:31:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/13 10:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/13 10:35:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/13 10:35:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/13 10:35:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/13 10:35:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/11 08:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\Local Settings\Application Data\PCHealth
[2010/11/11 08:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/11/11 08:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/06 16:52:35 | 004,465,104 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Rudy\Desktop\SASDEFINITIONS.EXE
[2010/11/06 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/05 13:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\Application Data\WinRAR
[2010/11/05 13:37:55 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/11/05 13:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/11/05 11:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/05 11:43:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/05 10:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudy\My Documents\Diagnostic
[2010/11/04 19:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Kit
[2010/11/03 14:03:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/11/03 14:01:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rudy\Recent
[2010/11/02 13:13:53 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/10/29 17:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[1998/08/24 09:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 17:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudy\Desktop\OTL.exe
[2010/11/14 17:02:18 | 003,909,871 | ---- | M] () -- C:\Documents and Settings\Rudy\Desktop\Commy.exe
[2010/11/14 16:10:01 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/14 16:04:41 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/11/14 16:04:33 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 16:04:30 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 16:04:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 10:35:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/13 10:35:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/13 10:35:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/13 10:35:09 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/13 10:35:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/07 11:33:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rudy\defogger_reenable
[2010/11/06 17:45:42 | 004,465,104 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Rudy\Desktop\SASDEFINITIONS.EXE
[2010/11/05 14:46:13 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/11/05 13:37:55 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/11/03 06:39:14 | 000,002,937 | ---- | M] () -- C:\Documents and Settings\Rudy\Desktop\sharedaccess1.reg
[2010/11/02 13:25:18 | 000,798,760 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\OneCareFirewallRepair1.exe
[2010/10/31 21:36:54 | 000,000,131 | ---- | M] () -- C:\WINDOWS\CRC.INI
[2010/10/31 21:31:58 | 000,005,610 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\cc_20101031_223142.reg
[2010/10/28 16:47:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\prvlcl.dat
[2010/10/28 14:30:46 | 000,003,560 | ---- | M] () -- C:\Documents and Settings\Rudy\Application Data\wklnhst.dat
[2010/10/28 11:44:19 | 000,051,600 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\flood-information-flyer-07-26-2010.pdf
[2010/10/23 14:54:03 | 004,316,673 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\01-06-092 F09 Cust PartsMan.pdf
[2010/10/23 14:54:02 | 005,091,587 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\01-06-091_F09_OM.pdf
[2010/10/23 09:04:32 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\4066spec.doc
[2010/10/23 09:04:23 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\4065spec_1_.doc
[2010/10/23 08:59:33 | 000,053,730 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\MasonryWallRepair.pdf
[2010/10/23 08:48:55 | 000,041,246 | ---- | M] () -- C:\Documents and Settings\Rudy\My Documents\MinPinTwiggyFullGrown.jpg
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/18 11:41:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\DefragExpress.job
[2010/10/18 10:17:36 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Rudy\Desktop\Shortcut to mpnex20.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 16:13:22 | 003,909,871 | ---- | C] () -- C:\Documents and Settings\Rudy\Desktop\Commy.exe
[2010/11/11 08:51:01 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/07 11:33:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rudy\defogger_reenable
[2010/11/05 14:50:38 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 20:08:18 | 000,798,760 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\OneCareFirewallRepair1.exe
[2010/11/03 13:30:53 | 000,002,937 | ---- | C] () -- C:\Documents and Settings\Rudy\Desktop\sharedaccess1.reg
[2010/10/31 21:31:57 | 000,005,610 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\cc_20101031_223142.reg
[2010/10/28 11:44:19 | 000,051,600 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\flood-information-flyer-07-26-2010.pdf
[2010/10/23 14:54:02 | 004,316,673 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\01-06-092 F09 Cust PartsMan.pdf
[2010/10/23 14:54:01 | 005,091,587 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\01-06-091_F09_OM.pdf
[2010/10/23 09:04:31 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\4066spec.doc
[2010/10/23 09:04:22 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\4065spec_1_.doc
[2010/10/23 08:59:32 | 000,053,730 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\MasonryWallRepair.pdf
[2010/10/23 08:48:40 | 000,041,246 | ---- | C] () -- C:\Documents and Settings\Rudy\My Documents\MinPinTwiggyFullGrown.jpg
[2010/10/18 10:17:36 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Rudy\Desktop\Shortcut to mpnex20.lnk
[2010/07/10 19:18:43 | 000,206,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/08 11:25:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\prvlcl.dat
[2010/02/06 19:12:16 | 000,009,328 | -HS- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\qAbWac8
[2010/01/28 12:37:38 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/28 11:44:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/28 11:40:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/01/16 14:06:59 | 000,376,894 | ---- | C] () -- C:\WINDOWS\System32\PCDiagCPU.dll
[2010/01/16 14:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PCDiagNICTest.dll
[2010/01/16 14:06:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PCDiagMem.dll
[2010/01/16 14:06:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PCDUtils.dll
[2010/01/16 14:06:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PCDiagSerial.dll
[2010/01/16 14:06:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PCDiagDRV.dll
[2010/01/16 14:06:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\PCDiagDisc.dll
[2009/10/26 10:56:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\housecall.guid.cache
[2009/07/24 12:31:08 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/07/24 12:31:08 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/04/16 16:05:45 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/03/30 13:57:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/25 18:31:43 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2009/03/24 11:42:23 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/03/24 11:42:01 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/02/24 12:00:49 | 000,003,560 | ---- | C] () -- C:\Documents and Settings\Rudy\Application Data\wklnhst.dat
[2007/06/04 16:03:27 | 000,022,722 | ---- | C] () -- C:\WINDOWS\BOC423.INI
[2006/10/14 12:24:16 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Rudy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/18 10:27:15 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/04/21 10:28:51 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rudy\Application Data\PFP120JPR.{PB
[2005/04/21 10:28:51 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rudy\Application Data\PFP120JCM.{PB
[2005/03/11 01:43:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/11 01:40:30 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 01:11:28 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/03/11 01:11:14 | 000,000,375 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:03:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/14 13:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/09/05 15:05:16 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\symplisc.dll
[1999/09/22 14:03:54 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL

========== LOP Check ==========

[2007/06/04 16:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC423
[2009/04/26 14:50:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/04/17 09:19:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/04/28 09:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CraigsPal
[2010/01/11 19:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/11/14 16:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eboostr
[2010/04/26 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/02/03 16:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2010/02/03 10:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keepsoft
[2010/11/03 14:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/12 17:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Modern Investment Technologies
[2009/04/16 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/16 12:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2010/03/14 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/18 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\AcuteFinder
[2009/04/17 09:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Canon
[2009/08/28 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\ChemTable Software
[2010/02/03 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\com.innovizta.InnoSlice.9F6B6DB100F82DE5873947034FAFA47ACBB18B35.1
[2010/09/08 17:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\CyberDefender
[2010/07/02 10:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\DeepBurner
[2010/05/04 09:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\DeviceDoctorSoftware
[2010/01/11 19:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\DriverCure
[2010/01/18 13:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Duplicate File Hunter
[2010/01/18 10:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Easy Duplicate Finder
[2010/07/10 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\GetRightToGo
[2010/08/09 17:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\GlarySoft
[2010/05/07 10:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\ImgBurn
[2010/07/18 11:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\InfraRecorder
[2010/02/09 17:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Keepsoft
[2005/07/26 10:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Leadertech
[2010/02/04 18:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\MechCAD
[2010/03/14 16:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Money Manager Ex
[2009/04/16 16:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\NewSoft
[2009/10/05 08:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Opera
[2010/09/19 09:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Philipp Winterberg
[2010/06/30 08:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\QuuSoft
[2010/01/18 10:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Reasonable Software House Ltd
[2009/04/16 16:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\ScanSoft
[2009/03/31 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\StarOffice
[2009/03/11 16:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Template
[2010/05/08 09:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\TweakNow RegCleaner
[2010/06/30 07:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudy\Application Data\Uniblue
[2010/10/18 11:41:59 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\DefragExpress.job
[2010/11/14 16:04:41 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/11/14 16:10:01 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 861 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FCD643
@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Rudy\My Documents\PAVARK.exe:License
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
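The O6/O7 lines in the OTL report above carry two AutoRun policy values that are easy to misread in decimal: NoDriveAutoRun = 67108863 and NoDriveTypeAutoRun = 323 (under both HKLM and HKCU). The following Python decoder is an added example for readers of this thread; it is not part of OTL, ComboFix or the poster's own material. It assumes Microsoft's documented layout for the two values (NoDriveTypeAutoRun: bit 1 << GetDriveType() code disables AutoRun for that drive type, 0xFF covers every type; NoDriveAutoRun: bit n disables AutoRun for drive letter n, A = bit 0). Three sample lines are copied from the report above, and one line with the commonly recommended 0xFF value is constructed for comparison.

```python
"""Decode the AutoRun policy values shown in OTL O6/O7 policy lines.

Added example, not code from OTL or from the original post. Bit layout
assumed from Microsoft's documentation of the two values:
  NoDriveTypeAutoRun - bit (1 << GetDriveType() code) disables AutoRun
                       for that drive *type*; 0xFF disables all types
  NoDriveAutoRun     - bit n disables AutoRun for drive letter n (A = bit 0)
"""
import re

# GetDriveType() return codes -> bit position in NoDriveTypeAutoRun
DRIVE_TYPES = {
    0: "DRIVE_UNKNOWN",
    1: "DRIVE_NO_ROOT_DIR",
    2: "DRIVE_REMOVABLE",
    3: "DRIVE_FIXED",
    4: "DRIVE_REMOTE",
    5: "DRIVE_CDROM",
    6: "DRIVE_RAMDISK",
    7: "RESERVED",
}

# First three lines copied from the OTL report in this thread; the last
# line is constructed here to show the 0xFF (all types) hardening value.
SAMPLE_LINES = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
"""

LINE_RE = re.compile(r"^O[67] - (HK\w+)\\(.+?): (\w+) = (\d+)\s*$")


def parse_policy_lines(text):
    """Return (hive, key, value_name, int_value) for each O6/O7 policy line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hive, key, name, val = m.groups()
            out.append((hive, key, name, int(val)))
    return out


def decode_drive_type_mask(value):
    """Return (set of drive types with AutoRun disabled, bits above the defined 0xFF mask)."""
    disabled = {name for bit, name in DRIVE_TYPES.items() if value & (1 << bit)}
    undefined_bits = value & ~0xFF
    return disabled, undefined_bits


def decode_drive_letter_mask(value):
    """Return the drive letters A-Z whose AutoRun is disabled by NoDriveAutoRun."""
    return [chr(ord("A") + n) for n in range(26) if value & (1 << n)]


def autorun_still_allowed(type_mask):
    """Drive types the type mask alone leaves AutoRun enabled for (media an attacker can hand you first)."""
    disabled, _ = decode_drive_type_mask(type_mask)
    return [t for t in ("DRIVE_REMOVABLE", "DRIVE_CDROM", "DRIVE_FIXED", "DRIVE_REMOTE")
            if t not in disabled]


def report(text=SAMPLE_LINES):
    """Decode every AutoRun policy line in `text` into a list of findings."""
    findings = []
    for hive, key, name, val in parse_policy_lines(text):
        if name == "NoDriveTypeAutoRun":
            disabled, extra = decode_drive_type_mask(val)
            findings.append({
                "hive": hive, "name": name, "value": hex(val),
                "disabled_types": sorted(disabled),
                "undefined_bits": hex(extra),
                "types_still_allowed": autorun_still_allowed(val),
            })
        elif name == "NoDriveAutoRun":
            letters = decode_drive_letter_mask(val)
            findings.append({
                "hive": hive, "name": name, "value": hex(val),
                "disabled_letters": "".join(letters),
                "covers_all_letters": len(letters) == 26,
            })
    return findings


if __name__ == "__main__":
    for f in report():
        print(f)
```

Run stand-alone, the decoder shows that 67108863 is 0x3FFFFFF, i.e. AutoRun disabled for every letter A through Z, while 323 is 0x143: it covers only DRIVE_UNKNOWN, DRIVE_NO_ROOT_DIR and DRIVE_RAMDISK, sets an undefined bit (0x100), and on its own would still allow AutoRun on removable, CD-ROM, fixed and network drives. On this machine the per-letter mask makes that moot, but a NoDriveTypeAutoRun of 0x143 is worth a second look whenever the per-letter value is absent; 0xFF is the value to expect on a deliberately hardened box.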

#4 kahdah (Security Colleague)

Posted 15 November 2010 - 07:07 AM

It appears you have run Combofix before; please delete your copy of it from the desktop and then transfer a new copy via a flash drive.
Run Combofix by double clicking the icon.
Please post its log after it completes.
You can download it from here > http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#5 Frazzled1 (Topic Starter)

Posted 15 November 2010 - 12:26 PM

Hello again,
Attached below is the Combofix file: I am beginning to wonder if the initial infection did not screw up some registry settings affecting the firewall and the wireless network.

ComboFix 10-11-14.04 - Rudy 11/15/2010 11:14:20.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -6:00]
Running from: c:\documents and settings\Rudy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 17:08 . 2010-11-15 17:09 -------- d-----w- C:\Commy
2010-11-13 22:53 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-13 22:52 . 2010-10-18 14:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A57CA1B-6867-4854-B1D9-C191F7A022F9}\mpengine.dll
2010-11-13 16:35 . 2010-11-13 16:35 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-13 16:35 . 2010-11-13 16:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-11 14:46 . 2010-11-11 14:46 -------- d-----w- c:\documents and settings\Rudy\Local Settings\Application Data\PCHealth
2010-11-11 14:46 . 2010-11-11 14:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-11-11 14:45 . 2010-11-11 14:46 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-06 19:13 . 2010-11-06 19:13 388096 ----a-r- c:\documents and settings\Rudy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-06 19:13 . 2010-11-06 19:13 -------- d-----w- c:\program files\Trend Micro
2010-11-05 19:37 . 2010-11-05 19:37 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-11-05 19:35 . 2010-11-05 19:35 -------- d-----w- c:\windows\ERUNT
2010-11-05 01:59 . 2010-11-05 01:59 -------- d-----w- c:\program files\Resource Kit
2010-11-03 20:03 . 2010-11-03 20:03 -------- d--h--w- c:\windows\PIF
2010-11-02 19:59 . 2010-11-02 19:59 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-11-02 19:13 . 2010-11-03 19:51 -------- d-----w- C:\ERDNT
2010-11-01 17:14 . 2010-11-01 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-30 22:09 . 2010-10-30 22:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-29 23:17 . 2010-11-03 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 16:35 . 2009-03-31 21:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 23:52 . 2010-08-12 02:32 524252 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-10-19 16:41 . 2010-01-02 21:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 17:23 . 2004-08-10 18:51 974848 ---ha-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 18:51 974848 ---ha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 18:51 954368 ---ha-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 18:51 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2004-08-10 18:51 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2004-08-10 18:51 61952 ---ha-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2009-08-28 15:27 81920 ---ha-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-10 18:51 369664 ---ha-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-10 18:50 285824 ---ha-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 18:51 1852800 ---ha-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 18:51 119808 ---ha-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 18:51 99840 ---ha-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 18:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-07-25 14:44 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 18:50 617472 ------w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-01-29 1095872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"DisableMyPicturesDirChange"= 0 (0x0)
"DisableMyMusicDirChange"= 0 (0x0)
"DisableFavoritesDirChange"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PiggyBob™.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Rudy^Start Menu^Programs^Startup^Seagate 2GHL5EN4 Product Registration.lnk]
path=c:\documents and settings\Rudy\Start Menu\Programs\Startup\Seagate 2GHL5EN4 Product Registration.lnk
backup=c:\windows\pss\Seagate 2GHL5EN4 Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBoostrCP]
2009-11-12 18:28 1587840 ----a-w- c:\program files\eBoostr\eBoostrCP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemBoosterXP]
2006-03-21 17:57 577536 ------w- c:\program files\DiskTrix\SystemBooster2\SystemBooster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [11/12/2009 12:28 PM 144984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 TSKNF900.SYS;TSKNF900.SYS;c:\windows\system32\drivers\Tsknf900.sys [10/26/2009 10:43 AM 17672]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [11/12/2009 12:28 PM 645248]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 12:15 PM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\DefragExpress.job
- c:\program files\DiskTrix\DefragExpress\DefragExpress.exe [2009-03-29 14:40]

2010-11-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-11 16:14]

2010-11-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 00:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
IE: E&xport to Microsoft Excel
IE: Yahoo! Dictionary
IE: Yahoo! Search
FF - ProfilePath - c:\documents and settings\Rudy\Application Data\Mozilla\Firefox\Profiles\18f9hcsv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Default]
@DACL=(02 0000)
@=""

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Default]
@DACL=(02 0000)
@=""

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default]
@DACL=(02 0000)
@=""

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default]
@DACL=(02 0000)
@=""

[HKEY_USERS\S-1-5-21-3879861973-781856831-1523397609-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\DB2]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\DBASE]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\FOXPRO]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\INFORMIX]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\INTRBASE]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\MSACCESS]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\MSSQL]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\ORACLE]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\PARADOX]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\DRIVERS\SYBASE]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\SYSTEM\FORMATS]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings\SYSTEM\INIT]
@DACL=(02 0000)
"VERSION"="4.0"
"LOCAL SHARE"="FALSE"
"MINBUFSIZE"="128"
"MAXBUFSIZE"="2048"
"LANGDRIVER"="DBWINUS0"
"MAXFILEHANDLES"="128"
"SYSFLAGS"="0"
"LOW MEMORY USAGE LIMIT"="32"
"AUTO ODBC"="FALSE"
"DEFAULT DRIVER"="PARADOX"
"SQLQRYMODE"=""
"MEMSIZE"="16"
"SHAREDMEMSIZE"="8192"
"SHAREDMEMLOCATION"=""
"DATA REPOSITORY"=""
"MTS POOLING"="FALSE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(372)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-11-15 11:21:37
ComboFix-quarantined-files.txt 2010-11-15 17:21
ComboFix2.txt 2010-11-14 22:43

Pre-Run: 9,747,144,704 bytes free
Post-Run: 9,732,661,248 bytes free

- - End Of File - - 4A86E5EAF9C0CB8600DA0E05763AF301

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 15 November 2010 - 02:39 PM

Hmm, let's try to do this.
Go to Start > Run, then type in sfc /scannow and hit OK.
If it prompts you to put in a disk, then please put the XP disk for the system in the CD drive and hit continue.
Reboot after doing this and let me know if it helps at all.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 Frazzled1

  • Topic Starter
  • Members
  • 110 posts

Posted 15 November 2010 - 03:47 PM

Hello Kahdah,
Thanks for all your help, but unfortunately nothing is different.

Windows System File Checker did not find any problems. I even ran it from the Safe Mode command prompt as well as the normal boot. Where do we go next?

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 15 November 2010 - 07:13 PM

Well, I need a bit more information: when did this start happening exactly?
Do you have any issues starting other services as well?

#9 Frazzled1

  • Topic Starter
  • Members
  • 110 posts

Posted 16 November 2010 - 12:37 PM

Hello Kahdah,
Here are some of the problems I have:

When running services.msc I noticed the following:
WebClient = stopping
Windows Firewall/Internet Connection Sharing Service (ICS) is set to Automatic.
It is not started. When I try to start it I receive the following message:
Internet Connection Sharing Service (ICS) on Local Computer

Error 2: The system cannot find the file specified

#10 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 November 2010 - 06:24 PM

OK, check for me please if these files are present:
C:\Windows\system32\ipnathlp.dll and C:\Windows\system32\drivers\ipnat.sys
You may have to show hidden files and folders to see them.
If you do not know how to do this, then refer to this link > http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

#11 Frazzled1

  • Topic Starter
  • Members
  • 110 posts

Posted 16 November 2010 - 09:51 PM

Kahdah,
I checked for those files; they are present and they are version 5.1.2600.5512.
What next?

#12 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 17 November 2010 - 07:58 AM

OK, check to see if these services are also running:
'DHCP' and 'TCP/IP NetBIOS Helper'. If they are not, start them and then try to start the ICS service again.

#13 Frazzled1

  • Topic Starter
  • Members
  • 110 posts

Posted 17 November 2010 - 03:12 PM

Thanks for the reply.
I checked my services and the TCP/IP NetBIOS Helper is running. BUT when I checked the DHCP service, it was not running even though it is set to Automatic. I tried to manually start it and failed to do so, with the resulting error message:

"Could not start the DHCP Client service on Local Computer.
Error 1068: The dependency service or group failed to start."

#14 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 17 November 2010 - 06:26 PM

Hmm, OK, please follow the instructions here: http://windowsxp.mvps.org/dhcp.htm
Let me know if that helps.

#15 Frazzled1

  • Topic Starter
  • Members
  • 110 posts

Posted 17 November 2010 - 11:30 PM

Ha! I don't know what to do about this, but I think finally we are on to something here. I followed the instructions in the link you sent me and, though everything checked out, when I opened the hidden devices I noticed that there were three non-Plug and Play drivers that have yellow exclamation marks in front of them. They all have the same error message attached to them:
"Device not present, device not working properly, or does not have all of its drivers installed" (Code 24)

Also the Troubleshooter button does not work, so I don't know where to go from here.
The three services are:
IP Network Address Transfer
SBRE
TCP/IP Protocol Driver
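The checks kahdah asked for in posts #10 to #14 (are the ICS binaries present, are the DHCP and NetBIOS helper services running, which dependency is failing) can be gathered in a single pass by walking the service dependency chain, which is where an "Error 1068" or a missing driver such as ipnat.sys surfaces. This is an added example and not code from the thread; it assumes an elevated PowerShell 2.0 or later session, and `$Target` is a parameter name chosen here.

```powershell
# Added diagnostic example, not code from the thread. It automates the checks made by
# hand above: walk every service and kernel driver the ICS service (SharedAccess) depends
# on, and for each one report its state, start mode and whether its binary and, for
# svchost-hosted services, its ServiceDll (ipnathlp.dll for SharedAccess) exist on disk.
# Assumes an administrator PowerShell 2.0+ session; $Target is a name chosen for this example.
param([string]$Target = 'SharedAccess')

function Resolve-BinaryPath([string]$raw) {
    if (-not $raw) { return $null }
    # Drop quotes and svchost arguments, expand %SystemRoot%, fix \??\ and \SystemRoot forms.
    $p = $raw -replace '^"([^"]+)".*$', '$1'
    $p = $p -replace '^(\S+\.(?:exe|sys|dll)).*$', '$1'
    $p = [Environment]::ExpandEnvironmentVariables($p) -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceHealth([string]$name) {
    # Win32_Service covers user-mode services; kernel drivers live in Win32_SystemDriver.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { $svc = Get-WmiObject Win32_SystemDriver -Filter "Name='$name'" }
    $bin = Resolve-BinaryPath $svc.PathName
    $dll = $null
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
    if (Test-Path $params) {
        $dll = (Get-ItemProperty $params -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $dll = Resolve-BinaryPath $dll }
    }
    $binOk = if ($bin) { Test-Path $bin } else { $false }
    $dllOk = if ($dll) { Test-Path $dll } else { 'n/a' }
    New-Object PSObject -Property @{
        Name = $name; State = $svc.State; StartMode = $svc.StartMode
        Binary = $bin; BinaryOK = $binOk; ServiceDll = $dll; DllOK = $dllOk
    }
}

function Trace-Dependencies($svc, [hashtable]$seen) {
    if ($seen.ContainsKey($svc.ServiceName)) { return }
    $seen[$svc.ServiceName] = $true
    Get-ServiceHealth $svc.ServiceName
    # ServicesDependedOn returns both services and drivers (Dhcp -> Tcpip, NetBT, Afd ...),
    # so a missing driver file shows up here as the root cause of a "dependency failed" error.
    foreach ($dep in $svc.ServicesDependedOn) { Trace-Dependencies $dep $seen }
}

Trace-Dependencies (Get-Service $Target) @{} |
    Format-Table Name, State, StartMode, BinaryOK, DllOK, Binary -AutoSize
```

A row whose BinaryOK or DllOK is False, or whose State is Stopped while StartMode is Auto, is the dependency to repair (or restore from the XP CD) before the services above it can start.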
