
Firefox home page keeps switching back to flyingincognitosleep.com/cgi-bin/h.pl


  • This topic is locked
20 replies to this topic

#1 Blops

Blops

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 31 December 2010 - 06:58 PM

The Firefox home page on my computer keeps switching back to flyingincognitosleep.com/cgi-bin/h.pl. This happens only to one of the two regularly-used users on the computer. The home page had been changed on IE8 also, but that could be reset manually. Both Firefox and IE were also re-configured to connect to the internet through a proxy server. This problem could also be fixed manually. The home page on Firefox keeps recurring, however. Malwarebytes has not been able to get rid of the issue.

Any and all help is appreciated. Logs below.

Thank you, and have a Happy New Year!



DDS (Ver_10-12-12.02) - NTFSx86
Run by Ton at 13:37:08.12 on Fri 12/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\PROMon.exe
C:\WINNT\GWHotKey.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\vVX3000.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\Ton\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\msiexec.exe
C:\Documents and Settings\Ton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://gmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar =
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\windows live toolbar\stmain.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {83B28A74-640D-48F4-9F51-E80EED7CC7E0} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RealPlayer] "c:\program files\real\realone player\realplay.exe" /RunUPGToolCommandReBoot
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [SmileboxTray] "c:\documents and settings\ton\application data\smilebox\SmileboxTray.exe"
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [Keyboard Preload Check] c:\oemdrvrs\keyb\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
mRun: [PROMon.exe] PROMon.exe
mRun: [QAGENT] c:\program files\quickenw\QAGENT.EXE
mRun: [Multi-function Keyboard] GWHotKey.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Enterprise
mRun: [BellSouthAlertManager.exe] "c:\program files\bellsouth\am\BellSouthAlertManager.exe" /AUTORUN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DACSMiniApp] c:\program files\fisher-price\dacs\miniapp\DACSMiniApp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\winnt\vVX3000.exe
mRun: [ActivControl] c:\program files\activ software\activdriver\ActivControl2.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mosasc~1.lnk - c:\program files\mosascii m2\m2update.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Compare Prices with &Dealio - c:\documents and settings\ton\application data\dealio\kb124\res\DealioSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://tonyapacanins.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://download.sidestep.com/get/k00719/sb028.cab
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB
DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} - hxxp://www.totsites.com/admin/includes/imageuploader2/ImageUploader4.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://gea.view22.com/view22/View22RTE.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\winnt\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
Hosts: 192.168.1.101 HP001B78CA0586

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ton\applic~1\mozilla\firefox\profiles\659p51g5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\ton\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - user.js: browser.startup.page - 1

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-12-13 67584]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\winnt\system32\drivers\activhidsermini.sys [2010-5-26 74752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101217.002\naveng.sys [2010-12-18 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101217.002\navex15.sys [2010-12-18 1360760]
R3 prmvmouse;Promethean HID Mouse Service;c:\winnt\system32\drivers\activmouse.sys [2010-5-26 6144]
S2 gupdate1c9ab486da0fa92;Google Update Service (gupdate1c9ab486da0fa92);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104]
S3 P1001VID;Creative WebCam (WDM);c:\winnt\system32\drivers\P1001Vid.sys [2002-11-16 311684]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\qctest\pcdoc\pcdrdrv.sys --> c:\atf\qctest\pcdoc\PCDRDRV.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
S3 SPCA508A;Micro WebCam;c:\winnt\system32\drivers\SPCA508A.SYS [2002-9-12 99014]
S3 SQTECH9052;Disney Micro;c:\winnt\system32\drivers\Capt9052.sys [2010-12-27 38656]
S3 VisorUsb;Handspring USB;c:\winnt\system32\drivers\visorusb.sys --> c:\winnt\system32\drivers\VisorUsb.sys [?]
S4 mrtRate;mrtRate;c:\winnt\system32\drivers\MrtRate.sys [2002-8-29 34712]

=============== Created Last 30 ================

2010-12-28 21:12:30 -------- d-----w- c:\docume~1\ton\applic~1\Malwarebytes
2010-12-27 23:12:58 -------- d-----w- c:\program files\WMV9_VCM
2010-12-27 23:11:57 38656 ----a-w- c:\winnt\system32\drivers\Capt9052.sys
2010-12-27 23:11:57 25216 ----a-w- c:\winnt\system32\drivers\Camd9052.sys
2010-12-27 23:11:53 -------- d-----w- c:\program files\Disney Micro
2010-12-27 23:10:27 37760 ----a-w- c:\winnt\system32\drivers\Capt905c.sys
2010-12-27 23:10:27 25216 ----a-w- c:\winnt\system32\drivers\Camd905c.sys
2010-12-27 23:10:20 -------- d-----w- c:\program files\DB CIF Cam
2010-12-21 05:04:49 -------- d-----w- c:\program files\iTunes
2010-12-15 19:56:40 40960 ------w- c:\winnt\system32\dllcache\ndproxy.sys
2010-12-15 19:55:43 45568 ------w- c:\winnt\system32\dllcache\wab.exe
2010-12-14 04:01:26 -------- d-----w- c:\program files\Cobian Backup 10
2010-12-11 13:02:59 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-11 13:02:58 472808 ----a-w- c:\winnt\system32\deployJava1.dll
2010-12-10 22:57:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-10 22:57:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-08 12:21:44 -------- d-----w- c:\winnt\system32\Adobe
2010-12-07 20:13:05 -------- d-sh--w- c:\documents and settings\ton\PrivacIE
2010-12-07 04:08:42 -------- d-sh--w- C:\found.000
2010-12-07 03:40:38 0 ----a-w- c:\winnt\system32\drivers\sst101.tmp
2010-12-07 03:38:26 53248 ----a-w- c:\winnt\system32\drivers\sstFE.sys
2010-12-07 03:38:26 0 ----a-w- c:\winnt\system32\drivers\sstFE.tmp

==================== Find3M ====================

2010-12-11 13:02:24 73728 ----a-w- c:\winnt\system32\javacpl.cpl
2010-11-29 22:38:30 94208 ----a-w- c:\winnt\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\winnt\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\winnt\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\winnt\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\winnt\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\winnt\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\winnt\system32\win32k.sys

============= FINISH: 13:46:31.35 ===============
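The DDS sections above contain the three settings that explain the symptoms in this post, and they are easy to miss in a log this long. The following Python triage helper is an added example written by the editor; it is not part of the thread, of DDS, or of any BleepingComputer tool. It parses lines of the kind DDS prints in its "Pseudo HJT Report" and "FIREFOX" sections and flags: a `browser.startup.homepage` set in `user.js` (Firefox re-applies `user.js` over `prefs.js` at every start, which is why a homepage corrected in the browser settings comes back), a per-user proxy pointing at the loopback interface (something listening locally is relaying browser traffic), security warnings switched off in `user.js`, and hosts-file entries beyond the default. The sample input is constructed from the values in the log above; all function, class and variable names are the editor's own assumptions.

```python
"""Triage helper for DDS-style 'Pseudo HJT Report' and 'FIREFOX' log lines.

Added example (editor's own code, not DDS or the forum's tooling).  It flags
the settings that make a browser hijack persist after a manual reset:
  * browser.startup.homepage forced in user.js - Firefox copies user.js
    values over prefs.js on every start, so a UI reset does not stick;
  * a per-user proxy aimed at 127.0.0.0/8 or localhost - a local process
    is sitting between the browser and the network;
  * security.warn_* preferences set to false in user.js;
  * hosts-file entries other than the default localhost line.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the DDS log posted in the thread
# ("hxxp" is DDS's defanging of "http").
SAMPLE_LOG = """\
uStart Page = hxxp://gmail.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
Hosts: 192.168.1.101 HP001B78CA0586
FF - prefs.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - user.js: browser.startup.page - 1
"""

FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
PROXY = re.compile(r"^[um]Internet Settings,ProxyServer = (.*)$")
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")


@dataclass
class Findings:
    firefox_prefs: dict = field(default_factory=dict)      # (file, pref) -> value
    user_js_overrides: dict = field(default_factory=dict)  # pref -> value forced by user.js
    loopback_proxies: list = field(default_factory=list)   # raw ProxyServer entries
    hosts_entries: list = field(default_factory=list)      # (ip, hostname) beyond default


def refang(value: str) -> str:
    """Turn DDS's defanged hxxp:// back into http:// so values compare cleanly."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value.strip())


def parse_dds(text: str) -> Findings:
    """Walk the log once and collect the settings worth a second look."""
    f = Findings()
    for line in text.splitlines():
        m = FF_PREF.match(line)
        if m:
            src, pref, val = m.groups()
            f.firefox_prefs[(src, pref)] = refang(val)
            if src == "user.js":
                # Anything in user.js wins over prefs.js at each Firefox start.
                f.user_js_overrides[pref] = refang(val)
            continue
        m = PROXY.match(line)
        if m:
            # Value may list several "scheme=host:port" entries separated by ';'.
            for entry in m.group(1).split(";"):
                hostport = entry.split("=", 1)[-1].strip()
                host = hostport.rsplit(":", 1)[0]
                if host == "localhost" or host.startswith("127."):
                    f.loopback_proxies.append(entry.strip())
            continue
        m = HOSTS.match(line)
        if m:
            ip, name = m.groups()
            if not (ip == "127.0.0.1" and name == "localhost"):
                f.hosts_entries.append((ip, name))
    return f


def triage(f: Findings) -> list:
    """Human-readable findings in the order a helper would act on them."""
    out = []
    hp = f.user_js_overrides.get("browser.startup.homepage")
    if hp:
        out.append(f"homepage forced by user.js: {hp} (a reset in Firefox will not persist)")
    for pref, val in f.user_js_overrides.items():
        if pref.startswith("security.warn") and val == "false":
            out.append(f"security warning disabled in user.js: {pref}")
    for proxy in f.loopback_proxies:
        out.append(f"per-user proxy to loopback: {proxy} (identify the process on that port)")
    for ip, name in f.hosts_entries:
        out.append(f"non-default hosts entry: {ip} {name} (LAN names are often legitimate)")
    return out


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE_LOG)):
        print(finding)
```

On the log in this post the script reports the forced homepage, the disabled insecure-submit warning, the loopback proxy on port 8074 and the single hosts entry (a LAN printer name, which is the benign case the last line allows for). The practical consequence for cleanup is that `user.js` in the affected profile has to be removed or emptied, not just the homepage field in the browser, and that whatever listens on the loopback port needs to be identified before the proxy setting is cleared.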


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:30 PM

Posted 07 January 2011 - 03:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Blops

Blops
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 12 January 2011 - 12:40 AM

Thank you for the reply. My apologies for taking so long to get back to you; the notification went to the spam filter. Won't happen again.

Issues have gotten worse. All users are now dealing with Google results being redirected, and for one Firefox won't start. Here are the logs:

OTL.txt:

OTL logfile created on: 1/11/2011 11:58:04 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Ton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 10.90 Gb Free Space | 29.24% Space Free | Partition Type: NTFS
Drive J: | 298.02 Gb Total Space | 255.35 Gb Free Space | 85.68% Space Free | Partition Type: FAT32

Computer Name: CASA_NEW_HAVEN | User Name: Ton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 23:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ton\Desktop\OTL.exe
PRC - [2010/12/02 21:18:20 | 000,312,640 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Ton\Application Data\Smilebox\SmileboxTray.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/06/10 13:54:26 | 000,493,336 | ---- | M] () -- C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010/06/10 13:54:22 | 001,092,896 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2009/11/01 21:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/28 16:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/07/24 15:05:26 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\vVX3000.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/08/20 20:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2008/03/13 11:05:06 | 000,128,256 | ---- | M] (Mattel Inc.) -- C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/06/22 18:05:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/28 11:14:50 | 002,061,816 | ---- | M] (BellSouth) -- C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
PRC - [2006/06/15 00:40:34 | 000,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 00:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 00:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/03/24 16:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 16:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 16:14:48 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINNT\system32\HPZipm12.exe
PRC - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/08/09 05:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002/05/06 19:12:44 | 000,065,536 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe
PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\NMSSvc.Exe
PRC - [2002/04/18 18:32:36 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\PROMon.exe
PRC - [2001/11/27 07:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2001/08/28 10:13:28 | 000,098,361 | ---- | M] (BillP Studios) -- C:\WINNT\GWHotKey.exe
PRC - [2001/01/03 14:50:56 | 000,066,048 | ---- | M] (Silitek Corporation) -- C:\WINNT\system32\SK9910DM.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/11 23:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ton\Desktop\OTL.exe
MOD - [2011/01/11 23:52:52 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- c:\fixit\pt\PCTKRNT.SYS -- (PictureTaker)
SRV - File not found [Disabled | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINNT\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/06/15 00:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 00:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 00:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 16:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 16:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/01/24 19:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\VisorUsb.sys -- (VisorUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Atf\Qctest\PCDoc\PCDRDRV.sys -- (PCDRDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110107.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110107.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/18 08:14:40 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/01 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 14:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2010/05/26 14:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010/02/17 19:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/24 15:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/02/21 10:08:54 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Capt9052.sys -- (SQTECH9052)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/05/05 15:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 16:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/24 19:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 19:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 19:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 19:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/07/05 09:27:04 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [2002/06/03 20:38:38 | 000,311,684 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\P1001Vid.sys -- (P1001VID) Creative WebCam (WDM)
DRV - [2002/05/06 19:13:14 | 001,106,464 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/02/28 10:42:44 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Disabled | Stopped] -- C:\WINNT\System32\drivers\MrtRate.sys -- (mrtRate)
DRV - [2000/09/12 00:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Sk9920nt.sys -- (Sk9920nt)
DRV - [2000/09/11 18:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sk99202k.sys -- (Sk99202k)
DRV - [2000/08/17 04:00:22 | 000,099,014 | R--- | M] (Sunplus Technology Co. LTD.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SPCA508A.SYS -- (SPCA508A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://flyingincognitosleep.com/cgi-bin/h.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.startup.homepage: "http://flyingincognitosleep.com/cgi-bin/h.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 10:12:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/08 10:12:17 | 000,000,000 | ---D | M]

[2010/09/12 19:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Extensions
[2010/09/12 19:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/03 19:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\659p51g5.default\extensions
[2009/09/03 14:01:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ton\Application Data\Mozilla\Firefox\Profiles\659p51g5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/10 22:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/11 08:03:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/11 08:02:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/11 08:02:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2010/08/26 19:08:16 | 000,002,140 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 websearch.com
O1 - Hosts: 127.0.0.1 www.websearch.com
O1 - Hosts: 127.0.0.1 advnt01.com
O1 - Hosts: 127.0.0.1 www.advnt01.com
O1 - Hosts: 127.0.0.1 www.xzoomy.com
O1 - Hosts: 127.0.0.1 xzoomy.com
O1 - Hosts: 127.0.0.1 www.adwave.com
O1 - Hosts: 127.0.0.1 adwave.com
O1 - Hosts: 127.0.0.1 topconverting.com
O1 - Hosts: 127.0.0.1 www.topconverting.com
O1 - Hosts: 127.0.0.1 www.ntsearch.com
O1 - Hosts: 127.0.0.1 ntsearch.com
O1 - Hosts: 127.0.0.1 www.incredifind.com
O1 - Hosts: 127.0.0.1 incredifind.com
O1 - Hosts: 127.0.0.1 www.popaware.com
O1 - Hosts: 127.0.0.1 popaware.com
O1 - Hosts: 127.0.0.1 www.revenue.net
O1 - Hosts: 127.0.0.1 revenue.net
O1 - Hosts: 127.0.0.1 www.smileycentral.com
O1 - Hosts: 127.0.0.1 smileycentral.com
O1 - Hosts: 127.0.0.1 www.cafreedom.com
O1 - Hosts: 127.0.0.1 cafreedom.com
O1 - Hosts: 127.0.0.1 www.revenue.net
O1 - Hosts: 127.0.0.1 revenue.net
O1 - Hosts: 29 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\Windows Live Toolbar\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] C:\WINNT\System32\SK9910DM.EXE (Silitek Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Multi-function Keyboard] C:\WINNT\GWHotKey.exe (BillP Studios)
O4 - HKLM..\Run: [PROMon.exe] C:\WINNT\System32\PROMon.exe (Intel Corporation)
O4 - HKLM..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINNT\vVX3000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005..\Run: [SmileboxTray] C:\Documents and Settings\Ton\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\mosascii m2 update check.lnk = C:\Program Files\mosascii m2\m2update.exe (Robert DeFusco)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-72185382-3009342548-3091673561-1005\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://tonyapacanins.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://download.sidestep.com/get/k00719/sb028.cab (Reg Error: Key error.)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} http://www.totsites.com/admin/includes/imageuploader2/ImageUploader4.cab (Image Uploader ShellCombo Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://gea.view22.com/view22/View22RTE.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} http://www.snapfish.com/SnapfishUpload.cab (Snapfish File Upload ActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Fotos\Larissa Y Miranda\Navidad 2008\Actos de Navidad 044.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/29 16:39:19 | 000,000,002 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e9d98a54-9cdb-11de-9e2a-0007e99c6648}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d98a54-9cdb-11de-9e2a-0007e99c6648}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9d98a54-9cdb-11de-9e2a-0007e99c6648}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - C:\WINNT\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61E6EAE5-7821-4AC1-9BBD-AED032A8E273} - Q323759
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
ActiveX: {FF4DD9CD-F25E-425a-8B5C-A2D062781FBB} - Q328970
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CLBR - C:\WINNT\System32\P1001Dex.ax (Creative Technology Ltd.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.SP62 - C:\WINNT\System32\SP6X_32.DLL (Sunplus Technology Corporation)
Drivers32: vidc.tscc - C:\WINNT\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINNT\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINNT\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 23:55:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ton\Desktop\OTL.exe
[2010/12/31 13:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Desktop\Arreglos
[2010/12/30 11:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/12/28 16:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ton\Application Data\Malwarebytes
[2010/12/27 18:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disney
[2010/12/27 18:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/12/27 18:11:57 | 000,038,656 | ---- | C] (Service & Quality Technology.) -- C:\WINNT\System32\drivers\Capt9052.sys
[2010/12/27 18:11:57 | 000,025,216 | ---- | C] (Service & Quality Technology.) -- C:\WINNT\System32\drivers\Camd9052.sys
[2010/12/27 18:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Micro
[2010/12/27 18:10:27 | 000,037,760 | ---- | C] (Service & Quality Technology.) -- C:\WINNT\System32\drivers\Capt905c.sys
[2010/12/27 18:10:27 | 000,025,216 | ---- | C] (Service & Quality Technology.) -- C:\WINNT\System32\drivers\Camd905c.sys
[2010/12/27 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\DB CIF Cam
[2010/12/21 00:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2010/12/21 00:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/20 23:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2010/12/20 23:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/15 14:56:40 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndproxy.sys
[2010/12/15 14:55:43 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wab.exe
[2010/12/13 23:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 10
[2010/12/13 23:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\System32\drivers\*.tmp files -> C:\WINNT\System32\drivers\*.tmp -> ]
[14 C:\Documents and Settings\Ton\My Documents\*.tmp files -> C:\Documents and Settings\Ton\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/11 23:55:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ton\Desktop\OTL.exe
[2011/01/11 23:53:16 | 000,000,868 | ---- | M] () -- C:\WINNT\tasks\Google Software Updater.job
[2011/01/11 23:52:33 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/01/11 23:52:24 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/11 23:49:02 | 000,000,254 | ---- | M] () -- C:\WINNT\tasks\Check Updates for Windows Live Toolbar.job
[2011/01/11 23:42:01 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/11 23:24:36 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/01/11 23:24:34 | 1071,501,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 19:40:38 | 000,209,920 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\Evals2011.pdf
[2011/01/09 19:40:38 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\evals teacher comment.docx
[2011/01/09 19:40:38 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\Evals2011.xlsx
[2011/01/06 21:15:03 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/12/31 13:47:59 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\gmer.zip
[2010/12/31 13:36:00 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\dds.scr
[2010/12/31 13:34:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ton\defogger_reenable
[2010/12/31 13:33:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ton\Desktop\Defogger.exe
[2010/12/28 16:17:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/28 16:11:18 | 000,003,007 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1839256242.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/12/15 20:52:19 | 000,257,456 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/12/15 18:18:11 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/12/14 21:24:31 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\show program 2010.pub
[2010/12/14 21:18:51 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Ton\My Documents\programa de mano xmas.pub
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\System32\drivers\*.tmp files -> C:\WINNT\System32\drivers\*.tmp -> ]
[14 C:\Documents and Settings\Ton\My Documents\*.tmp files -> C:\Documents and Settings\Ton\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/09 19:40:38 | 000,209,920 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\Evals2011.pdf
[2011/01/09 19:40:38 | 000,205,824 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\evals teacher comment.docx
[2011/01/09 19:40:38 | 000,170,496 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\Evals2011.xlsx
[2011/01/08 15:39:18 | 1071,501,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/31 13:48:02 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\gmer.zip
[2010/12/31 13:36:03 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\dds.scr
[2010/12/31 13:34:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ton\defogger_reenable
[2010/12/31 13:34:02 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ton\Desktop\Defogger.exe
[2010/12/14 21:23:30 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\show program 2010.pub
[2010/12/14 21:18:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ton\My Documents\programa de mano xmas.pub
[2010/12/06 22:39:52 | 000,003,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1839256242.dat
[2010/06/10 13:54:42 | 000,227,624 | ---- | C] () -- C:\WINNT\libactivboardex.dll
[2010/06/10 13:54:24 | 000,256,280 | ---- | C] () -- C:\WINNT\ActivDRV.dll
[2010/01/23 23:26:48 | 000,015,498 | ---- | C] () -- C:\WINNT\VX3000.ini
[2008/01/13 14:36:45 | 000,077,824 | R--- | C] () -- C:\WINNT\System32\HPZIDS01.dll
[2008/01/13 14:36:17 | 000,000,175 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2008/01/13 14:35:10 | 000,000,849 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
[2008/01/13 14:21:12 | 000,007,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/02 08:39:05 | 000,000,031 | -H-- | C] () -- C:\WINNT\uccspecc.sys
[2007/06/07 18:58:23 | 000,006,048 | ---- | C] () -- C:\WINNT\System32\MCC16.dll
[2007/06/07 18:51:38 | 000,066,261 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/06/07 07:59:50 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\BJAXSecurityManager.dll
[2007/06/07 07:59:47 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\BJInstaller.dll
[2006/09/16 15:58:17 | 000,000,000 | ---- | C] () -- C:\WINNT\vpc32.INI
[2006/07/28 19:00:48 | 000,000,026 | ---- | C] () -- C:\WINNT\FPKPMSV.INI
[2006/07/26 08:56:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Ton\Local Settings\Application Data\fusioncache.dat
[2006/03/25 21:30:33 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/16 16:25:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ton\Application Data\dm.ini
[2005/06/16 16:25:14 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\Ton\Application Data\AdobeDLM.log
[2004/10/17 09:20:07 | 000,000,360 | ---- | C] () -- C:\WINNT\conscorr.ini
[2004/09/04 20:31:28 | 000,000,045 | ---- | C] () -- C:\WINNT\BBIMJGK.ini
[2004/02/18 16:40:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[2003/12/04 09:35:09 | 000,000,037 | ---- | C] () -- C:\WINNT\wininit.ini
[2003/10/09 16:54:23 | 000,000,401 | ---- | C] () -- C:\WINNT\Belt.ini
[2003/08/27 10:41:30 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2003/08/21 17:58:47 | 000,000,223 | ---- | C] () -- C:\WINNT\System32\P1001Twn.ini
[2003/05/12 18:48:24 | 000,209,920 | ---- | C] () -- C:\Documents and Settings\Ton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/03/24 05:03:00 | 000,279,552 | ---- | C] () -- C:\WINNT\System32\FGWVB32.DLL
[2003/01/20 21:08:24 | 000,000,000 | ---- | C] () -- C:\WINNT\QFN.ini
[2003/01/20 21:08:24 | 000,000,000 | ---- | C] () -- C:\WINNT\QDQICK.ini
[2002/11/30 15:00:23 | 000,009,812 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2002/10/02 16:58:50 | 000,000,402 | ---- | C] () -- C:\WINNT\wldtlk6.ini
[2002/09/28 20:57:20 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2002/09/22 21:04:44 | 000,000,122 | ---- | C] () -- C:\WINNT\mdm.ini
[2002/09/20 13:59:57 | 000,000,669 | ---- | C] () -- C:\WINNT\tlknw6.ini
[2002/09/12 19:23:06 | 000,015,317 | R--- | C] () -- C:\WINNT\PP508.INI
[2002/09/09 20:47:20 | 000,007,812 | ---- | C] () -- C:\WINNT\System32\visorusb.dll
[2002/09/08 15:15:11 | 000,000,349 | ---- | C] () -- C:\WINNT\Ulead32.ini
[2002/09/07 09:53:42 | 000,000,045 | ---- | C] () -- C:\WINNT\EPSC42.ini
[2002/08/29 16:40:56 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/08/29 16:26:01 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/08/29 16:25:56 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[2002/08/29 16:25:56 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\REGOBJ.DLL
[2002/08/29 16:25:02 | 000,001,068 | ---- | C] () -- C:\WINNT\intuprof.ini
[2002/08/29 16:25:02 | 000,000,882 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2002/08/29 16:24:03 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2002/08/29 16:24:03 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/08/29 16:23:06 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2002/08/29 16:23:05 | 000,000,701 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2001/10/09 13:08:15 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2001/10/09 12:40:34 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll
[1980/01/01 00:00:00 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\shpshftr.dll
[1980/01/01 00:00:00 | 000,009,785 | ---- | C] () -- C:\WINNT\System32\drivers\a312.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/09/06 07:10:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/15 21:01:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/09/06 07:10:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/15 21:01:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\ReinstallBackups\0015\DriverFiles\i386\AGP440.SYS
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/08/27 08:38:39 | 012,091,533 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/06 07:10:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/15 21:01:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2003/08/27 08:38:39 | 012,091,533 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/09/06 07:10:09 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/15 21:01:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys
[2001/08/17 13:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINNT\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\volsnap.sys
[2 C:\WINNT\system32\drivers\*.tmp files -> C:\WINNT\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2001/10/09 12:39:20 | 000,090,112 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2001/10/09 12:39:20 | 000,606,208 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2001/10/09 12:39:20 | 000,380,928 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\system32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\system32\drivers\mbamswissarmy.sys
[2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\ndproxy.sys
[2010/12/06 22:38:30 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\sstFE.sys
[2 C:\WINNT\system32\drivers\*.tmp files -> C:\WINNT\system32\drivers\*.tmp -> ]

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A

< End of report >

----------

Extras.txt:

OTL Extras logfile created on: 1/11/2011 11:58:04 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Ton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 10.90 Gb Free Space | 29.24% Space Free | Partition Type: NTFS
Drive J: | 298.02 Gb Total Space | 255.35 Gb Free Space | 85.68% Space Free | Partition Type: FAT32

Computer Name: CASA_NEW_HAVEN | User Name: Ton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINNT\system32\rtcshare.exe" = C:\WINNT\system32\rtcshare.exe:*:Disabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealPlayer -- File not found
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINNT\explorer.exe" = C:\WINNT\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{598D99F7-B97C-424F-B899-69B339336411}}" = Disney Micro
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{39DA87A1-0B26-4562-A70C-2A6147366E47}" = PC-Doctor Services
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{598D99F7-B97C-424F-B899-69B339336411}" = Disney Micro
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EA9DEAF-B633-44B8-89F6-2EF0C4944A19}" = ActivInspire v1
"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More 5.0
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983338D4-D972-4C58-AA6D-B81445070451}" = The Digital Arts and Crafts Studio
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B64CFDD-4FFA-4971-9989-ED225FF7D88D}" = ActivInspire Help (USA) v1
"{9BD24D14-A5F1-49CA-85CA-90E9A8AEF44A}" = ActivInspire HWR Resources (ENU) v1
"{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}" = PC-Doctor Consumer UI
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B78ACFBD-A0AD-4A37-B8EB-B01745793E67}" = Disney Pix 3.2
"{BAD59025-5B73-4E12-B789-0028C5A573C2}" = PC-Doctor Diagnostics
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FBF021-B965-42D3-BF63-D7A121B5490D}" = HelpSpot
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB4291BF-594B-4AA9-883B-1E7509DCA092}" = ActivDriver x86 v5.5
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AviSynth" = AviSynth 2.5
"BellSouth Application Management" = BellSouth Application Management
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CobBackup10" = Cobian Backup 10
"Creative WebCam" = Creative WebCam Driver (1.02.08.0807)
"EPSON Printer and Utilities" = EPSON Printer Software
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Updater" = Google Updater
"GSIM" = GSIM
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money 2007
"mosascii m2_is1" = mosascii m2 2.1.200 Beta 3
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Multi-function Keyboard Utility" = Gateway Multi-function Keyboard
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.5.11
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"Videora iPod Converter" = Videora iPod Converter 0.91
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-72185382-3009342548-3091673561-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2011 1:35:25 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/11/2011 1:35:25 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/11/2011 1:35:25 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/12/2011 12:10:44 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 12:10:44 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17281

Error - 1/12/2011 12:10:44 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17281

Error - 1/12/2011 12:51:39 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/12/2011 12:51:39 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/12/2011 12:51:39 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/12/2011 12:51:39 AM | Computer Name = CASA_NEW_HAVEN | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 1/11/2011 8:10:44 PM | Computer Name = CASA_NEW_HAVEN | Source = Service Control Manager | ID = 7022
Description = The MSCamSvc service hung on starting.

Error - 1/11/2011 8:42:01 PM | Computer Name = CASA_NEW_HAVEN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/11/2011 8:42:16 PM | Computer Name = CASA_NEW_HAVEN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/11/2011 8:55:26 PM | Computer Name = CASA_NEW_HAVEN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/11/2011 8:55:43 PM | Computer Name = CASA_NEW_HAVEN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/11/2011 9:17:19 PM | Computer Name = CASA_NEW_HAVEN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 1/12/2011 12:10:22 AM | Computer Name = CASA_NEW_HAVEN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 1/12/2011 12:10:58 AM | Computer Name = CASA_NEW_HAVEN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 1/12/2011 12:11:29 AM | Computer Name = CASA_NEW_HAVEN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 1/12/2011 12:25:13 AM | Computer Name = CASA_NEW_HAVEN | Source = Print | ID = 54
Description = Document Microsoft Word - Document2 was corrupted and has been deleted.
The associated driver is: Canon MX870 series Printer.


< End of report >


Thank you!

Pablo

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 12 January 2011 - 07:19 AM

Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Blops
  • Topic Starter
  • Members
  • 10 posts

Posted 12 January 2011 - 11:24 PM

Thank you very much for the quick reply. Ran ComboFix and here is the log:

ComboFix 11-01-11.03 - Ton 01/12/2011 22:05:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.566 [GMT -5:00]
Running from: c:\documents and settings\Ton\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ton\Recent\Thumbs.db
c:\program files\INSTALL.LOG
C:\Thumbs.db
c:\winnt\system32\drivers\sst101.tmp
c:\winnt\system32\drivers\sstFE.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sstFE
-------\Service_sstFE


((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2010-12-30 16:52 . 2010-12-30 16:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-28 21:12 . 2010-12-28 21:12 -------- d-----w- c:\documents and settings\Ton\Application Data\Malwarebytes
2010-12-27 23:12 . 2010-12-27 23:13 -------- d-----w- c:\program files\WMV9_VCM
2010-12-27 23:11 . 2008-02-21 15:08 38656 ----a-w- c:\winnt\system32\drivers\Capt9052.sys
2010-12-27 23:11 . 2008-02-21 15:08 25216 ----a-w- c:\winnt\system32\drivers\Camd9052.sys
2010-12-27 23:11 . 2010-12-27 23:12 -------- d-----w- c:\program files\Disney Micro
2010-12-27 23:10 . 2007-05-18 16:41 37760 ----a-w- c:\winnt\system32\drivers\Capt905c.sys
2010-12-27 23:10 . 2007-04-28 15:25 25216 ----a-w- c:\winnt\system32\drivers\Camd905c.sys
2010-12-27 23:10 . 2010-12-27 23:11 -------- d-----w- c:\program files\DB CIF Cam
2010-12-27 23:10 . 2010-12-27 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-12-21 05:04 . 2010-12-21 05:06 -------- d-----w- c:\program files\iTunes
2010-12-18 18:36 . 2010-12-18 18:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-12-18 16:04 . 2010-12-18 16:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-18 16:03 . 2010-12-18 16:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-12-15 19:56 . 2010-11-02 15:17 40960 ------w- c:\winnt\system32\dllcache\ndproxy.sys
2010-12-15 19:55 . 2010-10-11 14:59 45568 ------w- c:\winnt\system32\dllcache\wab.exe
2010-12-14 04:02 . 2010-12-14 04:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Safe mirror
2010-12-14 04:01 . 2010-12-14 04:02 -------- d-----w- c:\program files\Cobian Backup 10

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2009-07-19 16:08 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-07-19 16:08 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-12-11 13:02 . 2010-12-11 13:02 472808 ----a-w- c:\winnt\system32\deployJava1.dll
2010-12-11 13:02 . 2007-05-06 04:30 73728 ----a-w- c:\winnt\system32\javacpl.cpl
2010-12-07 03:38 . 2010-12-07 03:38 0 ----a-w- c:\winnt\system32\drivers\sstFE.tmp
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\winnt\system32\GPhotos.scr
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\winnt\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\winnt\system32\QuickTime.qts
2010-11-18 18:12 . 2001-10-09 17:47 81920 ----a-w- c:\winnt\system32\isign32.dll
2010-11-06 00:26 . 2007-01-09 00:02 1469440 ------w- c:\winnt\system32\inetcpl.cpl
2010-11-06 00:26 . 2004-02-06 22:05 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-11-06 00:26 . 2003-08-27 13:35 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\winnt\system32\html.iec
2010-11-02 15:17 . 1980-01-01 05:00 40960 ----a-w- c:\winnt\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 1980-01-01 05:00 290048 ----a-w- c:\winnt\system32\atmfd.dll
2010-10-26 13:25 . 1980-01-01 05:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [2003-11-18 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2003-11-18 118784]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-07 65536]
"PROMon.exe"="PROMon.exe" [2002-04-18 73728]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 98361]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 2061816]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"VX3000"="c:\winnt\vVX3000.exe" [2009-07-24 762208]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
mosascii m2 update check.lnk - c:\program files\mosascii m2\m2update.exe [2010-8-25 208384]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2002-9-11 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINNT\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [12/13/2010 11:02 PM 67584]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\winnt\system32\drivers\activhidsermini.sys [5/26/2010 2:20 PM 74752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [1/7/2011 8:18 PM 102448]
R3 prmvmouse;Promethean HID Mouse Service;c:\winnt\system32\drivers\activmouse.sys [5/26/2010 2:21 PM 6144]
S2 gupdate1c9ab486da0fa92;Google Update Service (gupdate1c9ab486da0fa92);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2009 6:46 PM 133104]
S3 P1001VID;Creative WebCam (WDM);c:\winnt\system32\drivers\P1001Vid.sys [11/16/2002 8:51 AM 311684]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 12:40 AM 115952]
S3 SPCA508A;Micro WebCam;c:\winnt\system32\drivers\SPCA508A.SYS [9/12/2002 7:23 PM 99014]
S3 SQTECH9052;Disney Micro;c:\winnt\system32\drivers\Capt9052.sys [12/27/2010 6:11 PM 38656]
S3 VisorUsb;Handspring USB;c:\winnt\system32\DRIVERS\VisorUsb.sys --> c:\winnt\system32\DRIVERS\VisorUsb.sys [?]
S4 mrtRate;mrtRate;c:\winnt\system32\drivers\MrtRate.sys [8/29/2002 4:25 PM 34712]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSSVC
.
Contents of the 'Scheduled Tasks' folder

2011-01-07 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

2011-01-12 c:\winnt\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2011-01-13 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 23:45]

2011-01-13 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 23:46]

2011-01-13 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = https://asmail.as.miami.edu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fasmail.as.miami.edu%2fowa%2f
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://download.sidestep.com/get/k00719/sb028.cab
DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} - hxxp://www.totsites.com/admin/includes/imageuploader2/ImageUploader4.cab
DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vmqkcihy.default\
FF - prefs.js: browser.startup.homepage - espn.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\Money Express.exe
HKCU-Run-387812 - c:\docume~1\Owner\LOCALS~1\Temp\387812.exe
HKLM-Run-Keyboard Preload Check - c:\oemdrvrs\KEYB\Preload.exe
HKLM-Run-QAGENT - c:\program files\QUICKENW\QAGENT.EXE
HKLM-Run-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Creative WebCam - c:\winnt\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll
AddRemove-{{598D99F7-B97C-424F-B899-69B339336411}} - c:\program files\InstallShield Installation Information\{{598D99F7-B97C-424F-B899-69B339336411}}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-12 22:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1556)
c:\winnt\system32\WININET.dll
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\winnt\System32\NMSSvc.exe
c:\winnt\system32\HPZipm12.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\winnt\system32\SK9910DM.EXE
c:\winnt\GWMDMMSG.exe
c:\winnt\system32\PROMon.exe
c:\winnt\GWHotKey.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\winnt\System32\NOTEPAD.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-12 23:15:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-13 04:15

Pre-Run: 11,686,207,488 bytes free
Post-Run: 12,399,919,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 47724AB151CB27CA95E24A2A12409FF3

#6 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2011 - 05:37 AM

Hi,

do you have any problems besides the start page?

For the start page do the following:
For each user that is complaining about an unchangeable startpage, go to c:\documents and settings\username\Application Data\Mozilla\Firefox\Profiles\random.profilename\

In that folder you will see a file called user.js. Rename that file to user.js.bak. Have all the users check whether the homepage is gone and whether they are missing any other important settings. Let me know if that works.

regards myrti


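Why renaming user.js works: Firefox reads user.js on every start and copies its user_pref() entries over the matching entries in prefs.js, so a homepage or proxy pinned there comes back no matter how often it is changed in the Options dialog. The following is an added example, not part of this thread and not code from any tool mentioned in it: a small Python script that parses a Firefox user.js and reports the prefs that can pin a homepage, search engine or proxy. The sample user.js content is constructed for the demonstration (the URL is the one from the thread title, defanged as hxxp); the list of pref names to flag is this example's own choice and is not complete.

```python
import re
from typing import Dict, List, Tuple

# Matches lines of the form:  user_pref("name", value);
# where value is a quoted string, a number, or true/false.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)

# Prefs that, once written to user.js, re-pin a homepage, search or proxy
# on every Firefox start. Chosen for this example; not an exhaustive list.
HIJACK_PREFS = {
    "browser.startup.homepage",
    "browser.startup.page",
    "keyword.URL",
    "browser.search.defaultenginename",
    "network.proxy.type",
    "network.proxy.http",
    "network.proxy.http_port",
    "network.proxy.ssl",
    "network.proxy.ssl_port",
    "network.proxy.autoconfig_url",
}


def parse_value(raw: str):
    """Convert a user.js literal to a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw == "true":
        return True
    if raw == "false":
        return False
    try:
        return int(raw)
    except ValueError:
        return raw  # leave anything unexpected as its literal text


def parse_user_js(text: str) -> Dict[str, object]:
    """Return {pref_name: value} for every user_pref() call in text.
    Comment lines and lines that do not match are ignored."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        if line.lstrip().startswith("//"):
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def flag_hijack_prefs(prefs: Dict[str, object]) -> List[Tuple[str, object]]:
    """Return (name, value) pairs, sorted by name, for every pref that can pin
    a homepage, search or proxy. network.proxy.type is reported only when it
    is neither 0 (direct connection) nor 5 (use system proxy settings)."""
    flagged = []
    for name, value in sorted(prefs.items()):
        if name not in HIJACK_PREFS:
            continue
        if name == "network.proxy.type" and value in (0, 5):
            continue
        flagged.append((name, value))
    return flagged


# Constructed sample of a hijacked user.js; not taken from the machine in the thread.
SAMPLE_USER_JS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "hxxp://flyingincognitosleep.com/cgi-bin/h.pl");
user_pref("browser.startup.page", 1);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("browser.tabs.warnOnClose", false);
"""


def audit_profile(user_js_path: str) -> List[Tuple[str, object]]:
    """Audit a real profile: pass the full path to its user.js file."""
    with open(user_js_path, encoding="utf-8", errors="replace") as fh:
        return flag_hijack_prefs(parse_user_js(fh.read()))


if __name__ == "__main__":
    for name, value in flag_hijack_prefs(parse_user_js(SAMPLE_USER_JS)):
        print(f"user.js forces {name} = {value!r}")
```

On a real machine, point audit_profile() at the user.js inside the profile folder given in the ComboFix log (the FF - ProfilePath line). An empty result with the homepage still reverting means something other than user.js is rewriting prefs, and the file should be renamed rather than edited so its contents stay available as evidence.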

#7 Blops
  • Topic Starter
  • Members
  • 10 posts

Posted 16 January 2011 - 07:43 AM

Thank you for the reply. I am traveling and unfortunately away from that computer until Monday night. I will check then.
To answer your question, there was another issue: Google results were being redirected. Will also check on Monday if that's still happening.
Thank you!

#8 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2011 - 08:45 AM

Hi,


when you get back onto the machine, can you please do the following:


  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press enter.
  • At the C:\Windows prompt, type the following bolded text, and press Enter:

    set AllowAllPaths=TRUE
    set AllowRemovableMedia =TRUE

  • At the next prompt type the following bolded text, and press Enter:

    cd C:\windows\system32\drivers

  • Please insert your USB-stick or similar before proceeding.
  • At the next prompt type the following bolded text, and press Enter:

    copy volsnap.sys C:\volsnap.bad

    exit
Windows will now begin loading.

Please go to C:\ and locate the file volsnap.bad, where date and time are the date and time when you ran ComboFix. Afterwards please visit this site and follow the instructions for uploading the file.

regards myrti



#9 Blops
  • Topic Starter
  • Members
  • 10 posts

Posted 17 January 2011 - 09:28 PM

Renaming user.js did fix the homepage issue. No other settings seem to be missing. Thank you!

Also, just uploaded volsnap.bad. Used 'winnt' instead of 'windows' in C:\windows\system32\drivers. I am not sure what "where date and time are the date and time when you ran ComboFix" in your post refers to though, so I hope I did this right.

Thanks again!

#10 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 18 January 2011 - 02:10 PM

Hi,

thanks for thinking for me and uploading the file. That file seems malicious and I would like to address that:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards myrti



#11 Blops
  • Topic Starter
  • Members
  • 10 posts

Posted 18 January 2011 - 11:34 PM

It did find an infection in volsnap.sys, which it says it will "cure" after reboot. I tried to close the program without doing anything to the file, but it seems I did not do it properly. I have not rebooted the computer.

Here is the pasted file:

2011/01/18 23:25:27.0359 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/18 23:25:27.0359 ================================================================================
2011/01/18 23:25:27.0359 SystemInfo:
2011/01/18 23:25:27.0359
2011/01/18 23:25:27.0359 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/18 23:25:27.0359 Product type: Workstation
2011/01/18 23:25:27.0359 ComputerName: CASA_NEW_HAVEN
2011/01/18 23:25:27.0359 UserName: Ton
2011/01/18 23:25:27.0359 Windows directory: C:\WINNT
2011/01/18 23:25:27.0359 System windows directory: C:\WINNT
2011/01/18 23:25:27.0359 Processor architecture: Intel x86
2011/01/18 23:25:27.0359 Number of processors: 1
2011/01/18 23:25:27.0359 Page size: 0x1000
2011/01/18 23:25:27.0359 Boot type: Normal boot
2011/01/18 23:25:27.0359 ================================================================================
2011/01/18 23:25:28.0468 Initialize success
2011/01/18 23:25:49.0953 ================================================================================
2011/01/18 23:25:49.0953 Scan started
2011/01/18 23:25:49.0953 Mode: Manual;
2011/01/18 23:25:49.0953 ================================================================================
2011/01/18 23:25:53.0468 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINNT\system32\drivers\ac97intc.sys
2011/01/18 23:25:53.0687 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINNT\system32\DRIVERS\ACPI.sys
2011/01/18 23:25:53.0906 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINNT\system32\drivers\ACPIEC.sys
2011/01/18 23:25:54.0109 ActivHidSerMini (975e7bb16739d09d0f565e3923361bb2) C:\WINNT\system32\DRIVERS\activhidsermini.sys
2011/01/18 23:25:54.0531 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINNT\system32\DRIVERS\adpu160m.sys
2011/01/18 23:25:55.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINNT\system32\drivers\aec.sys
2011/01/18 23:25:56.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINNT\System32\drivers\afd.sys
2011/01/18 23:25:56.0671 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINNT\system32\DRIVERS\agp440.sys
2011/01/18 23:25:58.0093 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINNT\system32\DRIVERS\asyncmac.sys
2011/01/18 23:25:58.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINNT\system32\DRIVERS\atapi.sys
2011/01/18 23:25:58.0703 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINNT\system32\DRIVERS\atmarpc.sys
2011/01/18 23:25:58.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINNT\system32\DRIVERS\audstub.sys
2011/01/18 23:25:59.0203 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINNT\system32\DRIVERS\BCMDM.sys
2011/01/18 23:26:45.0718 VolSnap (31eda41f98868b92eeed6e16d7424a86) C:\WINNT\system32\drivers\VolSnap.sys
2011/01/18 23:26:45.0718 Suspicious file (Forged): C:\WINNT\system32\drivers\VolSnap.sys. Real md5: 31eda41f98868b92eeed6e16d7424a86, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/18 23:26:45.0750 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/18 23:26:48.0796 ================================================================================
2011/01/18 23:26:48.0796 Scan finished
2011/01/18 23:26:48.0796 ================================================================================
2011/01/18 23:26:48.0828 Detected object count: 1
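As an added example (not code from this thread or from TDSSKiller), a small Python parser for the log layout above that pulls out the forged-file detection and cross-checks it against the tool's own object count. The hashes and paths in the embedded sample are copied from the log; the parser and its names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller log layout posted above; hashes and
# paths are copied from that log, the parser itself is a hypothetical helper.
SAMPLE_LOG = """\
2011/01/18 23:26:45.0312 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\\WINNT\\system32\\DRIVERS\\viaide.sys
2011/01/18 23:26:45.0718 VolSnap (31eda41f98868b92eeed6e16d7424a86) C:\\WINNT\\system32\\drivers\\VolSnap.sys
2011/01/18 23:26:45.0718 Suspicious file (Forged): C:\\WINNT\\system32\\drivers\\VolSnap.sys. Real md5: 31eda41f98868b92eeed6e16d7424a86, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/18 23:26:45.0750 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/18 23:26:48.0828 Detected object count: 1
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.mmmm "; the remainder is one of
# the four record types that matter here.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (.+?)\. "
                       r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECT_RE = re.compile(TS + r"(\S+) - detected (\S+) \((\d+)\)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str                        # service name, e.g. VolSnap
    path: Optional[str] = None       # file the forged-file line points at
    verdict: Optional[str] = None    # e.g. Rootkit.Win32.TDSS.tdl3
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None


def parse_tdss_log(text: str) -> Tuple[Dict[str, Finding], Optional[int]]:
    """Return (findings keyed by service name, count the tool reported)."""
    paths: Dict[str, str] = {}          # lower-cased path -> service name
    findings: Dict[str, Finding] = {}
    reported = None
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            name, _md5, path = m.groups()
            paths[path.lower()] = name
        elif m := FORGED_RE.match(line):
            path, real, fake = m.groups()
            # the forged-file line carries only a path; tie it back to the
            # service name from the listing so it joins the detection line
            name = paths.get(path.lower(), path)
            f = findings.setdefault(name, Finding(name))
            f.path, f.real_md5, f.fake_md5 = path, real, fake
        elif m := DETECT_RE.match(line):
            name, verdict, _ = m.groups()
            findings.setdefault(name, Finding(name)).verdict = verdict
        elif m := COUNT_RE.match(line):
            reported = int(m.group(1))
    return findings, reported


def forged(findings: Dict[str, Finding]) -> List[Finding]:
    """Entries whose two hashes disagree: the bytes the tool read from disk
    are not what the storage stack handed back for the same file."""
    return [f for f in findings.values()
            if f.real_md5 and f.fake_md5 and f.real_md5 != f.fake_md5]


def count_matches(findings: Dict[str, Finding], reported: Optional[int]) -> bool:
    """Cross-check the tool's summary line against the detection lines."""
    return reported is not None and reported == len(findings)
```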

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:30 PM

Posted 20 January 2011 - 10:33 AM

Hi,

Please reboot the PC; that should deal with the file and fix any remaining issues you may have.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+



#14 Blops

Blops
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 20 January 2011 - 09:55 PM

It does indeed seem that all is well. Some tests of Google results worked perfectly.
Thank you so very much for the help. Is there anything else to be done? What security software do you recommend to reduce the risk of this happening again?
Thanks again!

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:30 PM

Posted 22 January 2011 - 04:57 AM

Hi,

Yes, there are a couple more steps I would like to go through with you. The first would be to run a scan with ESET to check for leftovers:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Regards, myrti
