MyStart Incredibar Infection


This topic is locked. 18 replies to this topic.

#1 fastirwin

Posted 20 January 2012 - 12:45 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:02 PM, on 1/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Notes\nslsvice.exe
C:\Program Files\Dell\KACE\AMPAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Notes\nsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Documents and Settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Notes\NLNOTES.EXE
C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe
C:\Notes\ntaskldr.EXE
C:\Program Files\Microsoft Office 2007\Office12\POWERPNT.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office 2007\Office12\WINWORD.EXE
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com?a=6R8hlwHznP&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\KUsrInit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [Novell Application Explorer] Naldesk.exe
O4 - HKLM\..\Run: [Nalview] C:\Program Files\Novell\ZENworks\NalView.exe /ns
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254598088640
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = insideidc.com
O17 - HKLM\Software\..\Telephony: DomainName = insideidc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = insideidc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = insideidc.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: kwinhook - kwinhook.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dell KACE Agent (AMPAgent) - Dell Inc. - C:\Program Files\Dell\KACE\AMPAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\IRIS Version III\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 15481 bytes
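A quick triage of the log above, as an added example that is not part of the original post and not one of the BleepingComputer tools referenced in this thread. It scans HijackThis-style lines (and the DDS "uStart Page" / "FF - prefs.js" / "FF - user.js" variants that appear later in the thread) for three things a responder looks at first in a browser-hijack case: start, search and homepage URLs whose host is not a stock vendor default (here the mystart.incredibar.com entries), Winlogon Notify DLLs reported as "(file missing)", and a Userinit value that is not the stock userinit.exe. The allowlist of default hosts is an assumption for the example, and the sample lines are copied from the log above. The script only flags KUsrInit.exe and kwinhook.dll for analyst review; the thread does not say what those files are, and this example does not classify them.

```python
"""Triage a HijackThis / DDS-style log for browser-hijack indicators.

Added example for this thread; not a BleepingComputer tool.  The allowlist
and the sample lines below are constructed for the example (the sample lines
are copied from the HijackThis log posted in the thread).
"""
import re
from urllib.parse import urlparse

# Hosts that legitimately appear as IE/Firefox start or search pages on a
# stock install.  Assumption for this example; extend it for your environment.
DEFAULT_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}

# HJT "R0/R1" lines carry the URL after "= "; DDS "FF - prefs.js" lines carry
# it after " - ".  DDS also defangs URLs as hxxp://, so accept both schemes.
URL_RE = re.compile(r"(?:=|\s-\s)\s*((?:hxxp|http)s?://\S+)", re.I)

# Substrings (lower-cased) that identify start/search/homepage settings.
HIJACK_KEYS = ("start page", "search page", "default_search_url",
               "startup.homepage", "keyword.url", "srchurl")

USERINIT_DEFAULT = r"c:\windows\system32\userinit.exe"


def _host(url: str) -> str:
    """Hostname of a URL, restoring a defanged hxxp:// scheme first."""
    return urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or ""


def triage(lines):
    """Return a list of (category, detail) findings for the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        low = line.lower()

        # 1. Start/search/homepage URL on a host that is not a vendor default.
        if any(key in low for key in HIJACK_KEYS):
            match = URL_RE.search(line)
            if match:
                host = _host(match.group(1))
                if host and host not in DEFAULT_HOSTS:
                    findings.append(("hijacked_url", host))

        # 2. Winlogon Notify package whose DLL HijackThis could not find.
        if low.startswith("o20 - winlogon notify") and "(file missing)" in low:
            findings.append(("notify_missing", line.split(":", 1)[1].strip()))

        # 3. Userinit that is not the stock binary (HJT F2 line or DDS
        #    "mWinlogon: Userinit=" line).  Flagged for review, not classified.
        if "userinit=" in low:
            value = line.split("=", 1)[1].strip().rstrip(",").lower()
            if value != USERINIT_DEFAULT:
                findings.append(("userinit_nondefault", value))
    return findings


# Constructed sample: lines taken from the HijackThis and DDS logs in this thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com?a=6R8hlwHznP&i=26",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\KUsrInit.exe,",
    r"O20 - Winlogon Notify: kwinhook - kwinhook.dll (file missing)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll",
    r"FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26",
    r"FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/?loc=IB_DS&a=6R8hlwHznP&&i=26&search=",
    r"FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hlwHznP&loc=IB_TB&i=26&search=",
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

Run it against a saved log with `triage(open("hijackthis.log").readlines())`. A host showing up repeatedly across IE, Firefox prefs.js and a user.js extension block, as incredibar does here, is the signature of a toolbar-style hijacker rather than a one-off homepage change, which is why the DDS Firefox section is worth reading alongside the R0/R1 lines.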


#2 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 22 January 2012 - 01:23 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs and save it to your desktop.
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt and Attach.txt.
  • A window will open instructing you to save and post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs and post them in your next reply.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 fastirwin (Topic Starter)

Posted 23 January 2012 - 09:52 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by rpatterson at 9:51:37 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.1913 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Notes\nslsvice.exe
svchost.exe
C:\Program Files\Dell\KACE\AMPAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Notes\nsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Documents and Settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Notes\NLNOTES.EXE
C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Notes\ntaskldr.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\KUsrInit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\rpatterson\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [Novell Application Explorer] Naldesk.exe
mRun: [Nalview] c:\program files\novell\zenworks\NalView.exe /ns
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\rpatte~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rpatterson\application data\dropbox\bin\Dropbox.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi69df~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi69df~1\office12\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254598088640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.3.1 10.1.3.2
TCP: Interfaces\{11D95BBB-EDDC-48C2-8829-5E92BE083CAA} : DhcpNameServer = 10.1.3.1 10.1.3.2
TCP: Interfaces\{AECFF402-8611-45ED-A899-243AC979075E} : DhcpNameServer = 10.0.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: kwinhook - kwinhook.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: IDC Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
LSA: Authentication Packages = msv1_0 nwv1_0
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rpatterson\application data\mozilla\firefox\profiles\y697l5cd.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/?loc=IB_DS&a=6R8hlwHznP&&i=26&search=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\webex\productivity tools\components\ocff.dll
FF - plugin: c:\documents and settings\rpatterson\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\hewlett-packard\hp virutal rooms client launcher plugin\nphpvrl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: ocplugin: ocplugin@webex.com - c:\program files\webex\Productivity Tools
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hlwHznP&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fc4d855800000000000054905045120d
FF - user.js: extensions.incredibar_i.hardId - fc4d855800000000000054905045120d
FF - user.js: extensions.incredibar_i.instlDay - 15358
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:07:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8hlwHznP
FF - user.js: extensions.incredibar_i.upn2n - 92823703116451737
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-2-14 17648]
R2 AMPAgent;Dell KACE Agent;c:\program files\dell\kace\AMPAgent.exe [2011-9-21 2753640]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-1-17 6899]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2009-11-2 353672]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2004-11-22 163840]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-2-4 59904]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2011-8-24 1693128]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-2-14 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-2-4 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-2-14 33832]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-1-10 2773]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-10-8 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-10-8 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-8 235520]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2011-8-24 10688]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2009-11-2 129304]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S1 MpKsl9bb71d95;MpKsl9bb71d95;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ca4f18e-fb09-49d4-a89e-d21d0b1123da}\mpksl9bb71d95.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ca4f18e-fb09-49d4-a89e-d21d0b1123da}\MpKsl9bb71d95.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-2-4 109568]
.
=============== Created Last 30 ================
.
2012-01-23 14:45:24 -------- d-----w- c:\documents and settings\rpatterson\application data\smkits
2012-01-20 17:33:59 388096 ----a-r- c:\documents and settings\rpatterson\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-20 17:33:59 -------- d-----w- c:\program files\Trend Micro
2012-01-17 21:13:43 -------- d-----w- C:\MalwareBytes-Uninstall-Folder
2012-01-17 15:52:54 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-01-17 15:52:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-01-17 15:52:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-17 15:52:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
==================== Find3M ====================
.
2012-01-23 14:41:03 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-23 14:41:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-19 17:30:17 6 ----a-w- c:\windows\system32\wbem\TempWmicBatchFile.bat
2011-12-17 09:01:29 0 ----a-w- c:\windows\invcol.tmp
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 9:52:07.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/14/2011 11:39:00 AM
System Uptime: 1/23/2012 9:40:36 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0T6M8G
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz | CPU 1 | 2394/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 255.255 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 931 GiB total, 444.685 GiB free.
F: is NetworkDisk (NWFS) - 10 GiB total, 0.531 GiB free.
G: is NetworkDisk (NWFS) - 3765 GiB total, 2290.961 GiB free.
H: is NetworkDisk (NWFS) - 7530 GiB total, 261.545 GiB free.
I: is NetworkDisk (NWFS) - 3765 GiB total, 2290.961 GiB free.
N: is NetworkDisk (NWFS) - 3765 GiB total, 2290.961 GiB free.
Z: is NetworkDisk (NWFS) - 10 GiB total, 0.531 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP333: 10/25/2011 10:36:44 AM - Software Distribution Service 3.0
RP334: 10/25/2011 10:37:50 AM - Installed Java™ 6 Update 29
RP335: 10/25/2011 10:40:54 AM - Software Distribution Service 3.0
RP336: 10/26/2011 10:45:16 AM - Software Distribution Service 3.0
RP337: 10/27/2011 11:00:47 AM - Software Distribution Service 3.0
RP338: 10/28/2011 7:49:02 AM - Software Distribution Service 3.0
RP339: 10/28/2011 10:55:51 AM - Software Distribution Service 3.0
RP340: 10/29/2011 7:49:03 AM - Software Distribution Service 3.0
RP341: 10/29/2011 10:55:56 AM - Software Distribution Service 3.0
RP342: 10/31/2011 9:37:50 AM - Software Distribution Service 3.0
RP343: 11/1/2011 7:31:30 AM - Software Distribution Service 3.0
RP344: 11/2/2011 7:45:13 AM - Software Distribution Service 3.0
RP345: 11/2/2011 9:49:21 AM - Software Distribution Service 3.0
RP346: 11/3/2011 9:57:10 AM - Software Distribution Service 3.0
RP347: 11/4/2011 1:38:26 PM - Software Distribution Service 3.0
RP348: 11/5/2011 7:37:48 AM - Software Distribution Service 3.0
RP349: 11/6/2011 6:45:14 AM - System Checkpoint
RP350: 11/6/2011 7:37:14 AM - Software Distribution Service 3.0
RP351: 11/7/2011 7:37:11 AM - Software Distribution Service 3.0
RP352: 11/8/2011 12:48:58 PM - System Checkpoint
RP353: 11/8/2011 6:00:13 PM - Software Distribution Service 3.0
RP354: 11/9/2011 9:38:33 AM - Software Distribution Service 3.0
RP355: 11/10/2011 8:23:58 AM - Software Distribution Service 3.0
RP356: 11/10/2011 9:33:01 AM - Software Distribution Service 3.0
RP357: 11/14/2011 9:32:19 AM - Software Distribution Service 3.0
RP358: 11/14/2011 6:00:12 PM - Software Distribution Service 3.0
RP359: 11/15/2011 7:37:15 AM - Software Distribution Service 3.0
RP360: 11/16/2011 8:23:42 AM - System Checkpoint
RP361: 11/16/2011 8:26:49 AM - Software Distribution Service 3.0
RP362: 11/16/2011 9:25:40 AM - Software Distribution Service 3.0
RP363: 11/17/2011 9:41:16 AM - Software Distribution Service 3.0
RP364: 11/18/2011 6:08:37 PM - System Checkpoint
RP365: 11/19/2011 7:47:32 AM - Software Distribution Service 3.0
RP366: 11/19/2011 10:08:47 AM - Software Distribution Service 3.0
RP367: 11/20/2011 7:47:48 AM - Software Distribution Service 3.0
RP368: 11/20/2011 10:09:59 AM - Software Distribution Service 3.0
RP369: 11/21/2011 7:47:28 AM - Software Distribution Service 3.0
RP370: 11/22/2011 7:36:13 AM - Software Distribution Service 3.0
RP371: 11/22/2011 9:38:26 AM - Software Distribution Service 3.0
RP372: 11/23/2011 10:22:51 AM - Software Distribution Service 3.0
RP373: 11/24/2011 8:28:33 AM - Software Distribution Service 3.0
RP374: 11/24/2011 10:17:02 AM - Software Distribution Service 3.0
RP375: 11/25/2011 8:28:09 AM - Software Distribution Service 3.0
RP376: 11/25/2011 10:17:03 AM - Software Distribution Service 3.0
RP377: 11/26/2011 8:28:45 AM - Software Distribution Service 3.0
RP378: 11/26/2011 10:17:02 AM - Software Distribution Service 3.0
RP379: 11/27/2011 8:28:30 AM - Software Distribution Service 3.0
RP380: 11/27/2011 10:17:03 AM - Software Distribution Service 3.0
RP381: 11/28/2011 8:28:33 AM - Software Distribution Service 3.0
RP382: 11/29/2011 9:47:54 AM - Software Distribution Service 3.0
RP383: 11/30/2011 8:11:30 AM - Software Distribution Service 3.0
RP384: 11/30/2011 9:42:53 AM - Software Distribution Service 3.0
RP385: 12/1/2011 9:46:58 AM - Software Distribution Service 3.0
RP386: 12/1/2011 3:54:41 PM - Installed HP Virtual Rooms Client Launcher Plugin
RP387: 12/2/2011 8:13:47 AM - Software Distribution Service 3.0
RP388: 12/3/2011 8:27:10 AM - Software Distribution Service 3.0
RP389: 12/3/2011 2:38:22 PM - Software Distribution Service 3.0
RP390: 12/4/2011 8:26:30 AM - Software Distribution Service 3.0
RP391: 12/4/2011 2:38:21 PM - Software Distribution Service 3.0
RP392: 12/5/2011 8:26:30 AM - Software Distribution Service 3.0
RP393: 12/6/2011 8:26:45 AM - Software Distribution Service 3.0
RP394: 12/6/2011 9:49:30 AM - Software Distribution Service 3.0
RP395: 12/7/2011 1:46:57 PM - Software Distribution Service 3.0
RP396: 12/8/2011 1:41:59 PM - Software Distribution Service 3.0
RP397: 12/9/2011 2:50:33 PM - System Checkpoint
RP398: 12/12/2011 9:42:59 AM - Software Distribution Service 3.0
RP399: 12/13/2011 7:37:39 AM - Software Distribution Service 3.0
RP400: 12/13/2011 9:38:03 AM - Software Distribution Service 3.0
RP401: 12/14/2011 7:37:57 AM - Software Distribution Service 3.0
RP402: 12/14/2011 9:40:32 AM - Software Distribution Service 3.0
RP403: 12/14/2011 6:00:24 PM - Software Distribution Service 3.0
RP404: 12/15/2011 8:20:51 AM - Software Distribution Service 3.0
RP405: 12/16/2011 12:59:17 PM - Software Distribution Service 3.0
RP406: 12/17/2011 7:45:00 AM - Software Distribution Service 3.0
RP407: 12/17/2011 12:53:58 PM - Software Distribution Service 3.0
RP408: 12/18/2011 7:44:41 AM - Software Distribution Service 3.0
RP409: 12/18/2011 12:54:22 PM - Software Distribution Service 3.0
RP410: 12/19/2011 7:44:10 AM - Software Distribution Service 3.0
RP411: 12/20/2011 9:45:18 AM - Software Distribution Service 3.0
RP412: 12/21/2011 8:26:08 AM - Software Distribution Service 3.0
RP413: 12/21/2011 9:40:38 AM - Software Distribution Service 3.0
RP414: 12/22/2011 8:25:54 AM - Software Distribution Service 3.0
RP415: 12/22/2011 9:40:33 AM - Software Distribution Service 3.0
RP416: 12/23/2011 10:33:51 AM - Software Distribution Service 3.0
RP417: 12/24/2011 7:50:23 AM - Software Distribution Service 3.0
RP418: 12/24/2011 10:28:57 AM - Software Distribution Service 3.0
RP419: 12/25/2011 7:50:11 AM - Software Distribution Service 3.0
RP420: 12/25/2011 10:29:31 AM - Software Distribution Service 3.0
RP421: 12/26/2011 7:51:21 AM - Software Distribution Service 3.0
RP422: 12/26/2011 10:29:57 AM - Software Distribution Service 3.0
RP423: 12/27/2011 7:51:29 AM - Software Distribution Service 3.0
RP424: 12/27/2011 10:28:55 AM - Software Distribution Service 3.0
RP425: 12/28/2011 7:50:37 AM - Software Distribution Service 3.0
RP426: 12/28/2011 10:28:33 AM - Software Distribution Service 3.0
RP427: 12/29/2011 7:50:12 AM - Software Distribution Service 3.0
RP428: 12/29/2011 10:28:55 AM - Software Distribution Service 3.0
RP429: 1/3/2012 9:15:08 AM - Software Distribution Service 3.0
RP430: 1/4/2012 8:09:50 AM - Software Distribution Service 3.0
RP431: 1/4/2012 9:10:32 AM - Software Distribution Service 3.0
RP432: 1/4/2012 12:30:29 PM - Removed Amazon MP3 Uploader
RP433: 1/5/2012 8:09:39 AM - Software Distribution Service 3.0
RP434: 1/5/2012 9:10:20 AM - Software Distribution Service 3.0
RP435: 1/6/2012 8:03:45 AM - Software Distribution Service 3.0
RP436: 1/6/2012 8:28:30 PM - Software Distribution Service 3.0
RP437: 1/7/2012 8:03:55 AM - Software Distribution Service 3.0
RP438: 1/7/2012 8:28:41 PM - Software Distribution Service 3.0
RP439: 1/8/2012 8:04:01 AM - Software Distribution Service 3.0
RP440: 1/8/2012 8:29:04 PM - Software Distribution Service 3.0
RP441: 1/9/2012 8:03:10 AM - Software Distribution Service 3.0
RP442: 1/10/2012 8:26:23 AM - Software Distribution Service 3.0
RP443: 1/10/2012 9:58:34 AM - Software Distribution Service 3.0
RP444: 1/11/2012 8:25:44 AM - Software Distribution Service 3.0
RP445: 1/11/2012 9:59:08 AM - Software Distribution Service 3.0
RP446: 1/11/2012 6:00:23 PM - Software Distribution Service 3.0
RP447: 1/12/2012 7:02:21 PM - System Checkpoint
RP448: 1/13/2012 8:23:30 AM - Software Distribution Service 3.0
RP449: 1/13/2012 9:44:53 AM - Software Distribution Service 3.0
RP450: 1/14/2012 8:23:53 AM - Software Distribution Service 3.0
RP451: 1/14/2012 9:44:57 AM - Software Distribution Service 3.0
RP452: 1/15/2012 8:23:37 AM - Software Distribution Service 3.0
RP453: 1/15/2012 9:45:52 AM - Software Distribution Service 3.0
RP454: 1/16/2012 8:23:33 AM - Software Distribution Service 3.0
RP455: 1/16/2012 9:44:29 AM - Software Distribution Service 3.0
RP456: 1/17/2012 8:23:51 AM - Software Distribution Service 3.0
RP457: 1/17/2012 9:45:05 AM - Software Distribution Service 3.0
RP458: 1/18/2012 12:50:16 PM - System Checkpoint
RP459: 1/19/2012 1:41:39 PM - System Checkpoint
RP460: 1/20/2012 12:33:58 PM - Installed HiJackThis
RP461: 1/21/2012 12:34:13 PM - System Checkpoint
RP462: 1/22/2012 12:40:12 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
AccelerometerP11
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Bullzip MS Access to MySQL 3.0.0.148
Bullzip PDF Printer 7.2.0.1304
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP620 series MP Drivers
Check Point SSL Network Extender
Conexant HDA D330 MDC V.92 Modem
Dell ControlVault Host Components Installer
Dell KACE Agent
Dell Resource CD
Dell Security Device Driver Pack
Dell Touchpad
DocConverter
Dropbox
DW WLAN Card Utility
GIMP 2.6.11
Google Chrome
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript Lite 8.70
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958244)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB967048-v2)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Virtual Rooms Client Launcher Plugin
HyperSnap-DX 4
IDC MS Excel and MS Word Templates
IDC Research Template Office 2007
IDT Audio
Intel® Graphics Media Accelerator Driver
iPassConnect
IRIS Version III
iTunes
Java Auto Updater
Java™ 6 Update 29
LAME v3.98.3 for Audacity
Lotus Notes 8.5.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
MixMeister BPM Analyzer 1.0
Mozilla Firefox (3.6.25)
MySQL Connector/ODBC 5.1
Novell Client for Windows
OGA Notifier 2.0.0048.0
oomfo charts for PowerPoint®
PowerDVD
QuickTime
QuickXpense Enterprise 2.1
RICOH Media Driver ver.2.11.01.02
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.3
Sonic CinePlayer Decoder Pack
swMSM
UltraVNC 1.0.5.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
Visual Studio Tools for the Office system 3.0 Runtime
WebEx
WebEx Productivity Tools
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
winLAME 2010 beta 2
WinZip
XpenseForm: International Data Corp.
ZENworks Desktop Management Agent
.
==== Event Viewer Messages From Past Week ========
.
1/17/2012 10:49:37 AM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 January 2012 - 10:03 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 fastirwin (Topic Starter)

  • Members
  • 23 posts

Posted 25 January 2012 - 02:28 PM

ComboFix 12-01-23.02 - rpatterson 01/25/2012 14:16:22.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2590 [GMT -5:00]
Running from: c:\documents and settings\rpatterson\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\rpatterson\Application Data\PriceGong
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\1.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\a.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\b.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\c.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\d.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\e.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\f.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\g.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\h.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\i.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\J.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\k.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\l.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\m.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\n.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\o.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\p.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\q.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\r.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\s.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\t.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\u.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\v.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\w.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\x.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\y.xml
c:\documents and settings\rpatterson\Application Data\PriceGong\Data\z.xml
c:\documents and settings\rpatterson\Local Settings\Application Data\assembly\tmp
c:\windows\EventSystem.log
c:\windows\system32\NWGina.dll
c:\windows\system32\setup.vbs
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-24 19:21 . 2012-01-06 01:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54DC4056-91F9-48AF-8CED-5C7146526558}\mpengine.dll
2012-01-24 19:20 . 2012-01-24 19:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 19:20 . 2012-01-24 19:20 -------- d-----w- C:\MS-SecEss-Delivery-Folder
2012-01-24 13:00 . 2012-01-24 13:00 0 ----a-w- c:\windows\invcol.tmp
2012-01-23 16:34 . 2012-01-23 16:34 -------- d-----w- c:\documents and settings\rpatterson\Application Data\smkits
2012-01-20 17:33 . 2012-01-20 17:33 388096 ----a-r- c:\documents and settings\rpatterson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-20 17:33 . 2012-01-20 17:33 -------- d-----w- c:\program files\Trend Micro
2012-01-19 20:07 . 2012-01-19 20:07 447 ----a-w- C:\user.js
2012-01-19 20:06 . 2012-01-20 17:35 -------- d-----w- c:\documents and settings\rpatterson\Application Data\Eltima Software
2012-01-17 21:13 . 2012-01-17 21:13 -------- d-----w- C:\MalwareBytes-Uninstall-Folder
2012-01-17 15:52 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-01-17 15:52 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-01-17 15:52 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-17 15:52 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 19:21 . 2009-10-03 09:30 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-25 19:21 . 2009-10-03 19:58 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-25 19:00 . 2010-02-04 20:20 6 ----a-w- c:\windows\system32\wbem\TempWmicBatchFile.bat
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-14 12:00 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-05-31 14:38 . 2011-05-31 14:38 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-05-31 14:38 . 2011-05-31 14:38 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2011-05-24 14:35 . 2011-05-24 14:36 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-03 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-13 39408]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-06-13 402744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"Nalview"="c:\program files\Novell\ZENworks\NalView.exe" [2005-01-24 35840]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-01-17 40960]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-26 2670592]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 288112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 145432]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-07-28 727664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-19 495708]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\rpatterson\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-01-25 417792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kwinhook]
2011-09-21 16:53 60008 ----a-w- c:\windows\system32\KWinHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 17:36 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.2.20100729-1241\\win32\\x86\\notes2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\rpatterson\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2/14/2011 1:55 PM 17648]
R2 AMPAgent;Dell KACE Agent;c:\program files\Dell\KACE\AMPAgent.exe [9/21/2011 11:53 AM 2753640]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [1/17/2005 11:23 AM 6899]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [11/2/2009 6:43 PM 353672]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [3/24/2010 12:09 AM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [3/24/2010 12:09 AM 27040]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [11/22/2004 12:07 PM 163840]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2/4/2010 3:14 PM 59904]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [8/24/2011 9:44 AM 1693128]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [1/10/2005 12:36 PM 61440]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2/14/2011 1:55 PM 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2/4/2010 3:14 PM 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2/14/2011 1:55 PM 33832]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [1/10/2005 10:37 AM 2773]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/8/2010 5:31 PM 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [10/8/2010 5:32 PM 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [10/8/2010 5:32 PM 235520]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [8/24/2011 9:44 AM 10688]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [11/2/2009 6:43 PM 129304]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S1 MpKslc29022d1;MpKslc29022d1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54DC4056-91F9-48AF-8CED-5C7146526558}\MpKslc29022d1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54DC4056-91F9-48AF-8CED-5C7146526558}\MpKslc29022d1.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:33 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:33 PM 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/4/2010 3:15 PM 109568]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:33]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:33]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2736876806-1413094951-2631490221-1040Core.job
- c:\documents and settings\rpatterson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 22:18]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2736876806-1413094951-2631490221-1040UA.job
- c:\documents and settings\rpatterson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 22:18]
.
2012-01-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.1.3.1 10.1.3.2
FF - ProfilePath - c:\documents and settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/?loc=IB_DS&a=6R8hlwHznP&&i=26&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: ocplugin: ocplugin@webex.com - c:\program files\WebEx\Productivity Tools
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hlwHznP&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fc4d855800000000000054905045120d
FF - user.js: extensions.incredibar_i.hardId - fc4d855800000000000054905045120d
FF - user.js: extensions.incredibar_i.instlDay - 15358
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8hlwHznP
FF - user.js: extensions.incredibar_i.upn2n - 92823703116451737
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Novell Application Explorer - Naldesk.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\kwinhook.dll
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\WININET.dll
c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Novell\ZENworks\NLS\english\NalUIRes.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\IDT\WDM\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\notes\nslsvice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPass\IRIS Version III\iPassPeriodicUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\notes\nsd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\notes\ntmulti.exe
c:\program files\Novell\ZENworks\nalntsrv.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Novell\ZENworks\wm.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPass\IRIS Version III\iPassPeriodicUpdateApp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\NWTRAY.EXE
c:\program files\Novell\ZENworks\NalAgent.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
c:\program files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
.
**************************************************************************
.
Completion time: 2012-01-25 14:26:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 19:25
.
Pre-Run: 278,926,811,136 bytes free
Post-Run: 278,915,088,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 52BBB31DD5A08336D9F40CB83D41D13B
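The "Supplementary Scan" block of the ComboFix log above is where the hijack shows: the IE start page, the Firefox homepage, keyword.URL and selected search engine all point at mystart.incredibar.com, and a user.js file carries an extensions.incredibar_i.* namespace that a normal Firefox install never writes. The firewall dump also shows inbound exceptions for 3389, 5800 and 5900 (RDP and VNC; UltraVNC is in the installed-programs list, so these may well be sanctioned, but they belong on a review list). As an added example, and not code from this thread or from ComboFix, here is a small Python checker that reads lines in those ComboFix formats and returns the indicators a helper would want to see at a glance. The TRUSTED_HOSTS and TRUSTED_ENGINES allowlists and the REMOTE_ADMIN_PORTS table are assumptions to tune per environment; the sample lines are constructed from values in the posted log.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape ComboFix prints under
# "Supplementary Scan" (uStart Page / FF - prefs.js / FF - user.js) and in its
# firewall-policy dump (GloballyOpenPorts). Values are taken from the log
# posted above and trimmed to what the checker needs.
SAMPLE_LOG = """\
uStart Page = hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/?loc=IB_DS&a=6R8hlwHznP&&i=26&search=
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hlwHznP&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
"5353:UDP"= 5353:UDP:Bonjour
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"""

# Hypothetical allowlists: the hosts and search engines this environment
# accepts as homepage / search targets. Tune per environment.
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "intranet.example"}
TRUSTED_ENGINES = {"Google", "Bing", "Yahoo"}

# Inbound TCP ports that expose remote-control services when opened in the
# host firewall. Not malicious by themselves (the posted log shows UltraVNC
# installed), but worth confirming on a workstation.
REMOTE_ADMIN_PORTS = {3389: "RDP", 5800: "VNC (HTTP)", 5900: "VNC"}

# Prefs that steer navigation/search; a hijacker rewrites exactly these.
BROWSER_URL_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.search.defaulturl"}

# ComboFix defangs URLs as hxxp://; accept both spellings.
URL_HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/?&#\s]+)", re.IGNORECASE)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')


def host_of(text):
    """Return the lower-cased host of the first (de)fanged URL in text, or None."""
    m = URL_HOST_RE.search(text)
    return m.group(1).lower() if m else None


def find_hijack_indicators(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Scan ComboFix-style lines; return (kind, key, line) tuples for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # IE start page, written by ComboFix as "uStart Page = <url>"
        if line.startswith("uStart Page = "):
            host = host_of(line)
            if host and host not in trusted_hosts:
                findings.append(("ie_start_page", host, line))
            continue
        # Firefox prefs.js entries: "<pref> - <value>"
        if line.startswith("FF - prefs.js: "):
            pref, _, value = line[len("FF - prefs.js: "):].partition(" - ")
            host = host_of(value)
            if pref in BROWSER_URL_PREFS and host and host not in trusted_hosts:
                findings.append(("ff_pref", host, line))
            elif pref == "browser.search.selectedEngine" and value not in TRUSTED_ENGINES:
                findings.append(("ff_search_engine", value, line))
            continue
        # user.js is rarely hand-written; a third-party extensions.* namespace
        # there is a strong sign of an installer-planted toolbar.
        if line.startswith("FF - user.js: "):
            pref = line[len("FF - user.js: "):].partition(" - ")[0]
            if pref.startswith("extensions."):
                findings.append(("ff_userjs", pref.split(".")[1], line))
            continue
        # Firewall exception for an inbound remote-admin port
        m = PORT_RE.match(line)
        if m and m.group(2) == "TCP" and int(m.group(1)) in REMOTE_ADMIN_PORTS:
            findings.append(("open_port", REMOTE_ADMIN_PORTS[int(m.group(1))], line))
    return findings


def summarize(findings):
    """Count findings per (kind, key) so repeated hits collapse into one row."""
    return dict(Counter((kind, key) for kind, key, _ in findings))


if __name__ == "__main__":
    for kind, key, line in find_hijack_indicators(SAMPLE_LOG):
        print(f"{kind:16} {key:24} {line}")
```

Run against the sample it reports nine lines: the IE start page, the "MyStart Search" engine, the two Firefox URL prefs, the two user.js entries, and the three remote-admin port exceptions. The user.js namespace is the most useful of these for cleanup, because it tells the helper which extension directory and which pref family to remove rather than just which URL to reset.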

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 January 2012 - 04:44 PM

Hello

How are things doing now?

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 fastirwin (Topic Starter)

  • Members
  • 23 posts

Posted 25 January 2012 - 04:53 PM

Still getting browser redirects to Incredibar search on searches in Chrome - you can see the registry entries in the ComboFix log - assuming we need to delete those. Here's the Kaspersky file:


16:52:21.0221 5664 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
16:52:21.0424 5664 ============================================================
16:52:21.0424 5664 Current date / time: 2012/01/25 16:52:21.0424
16:52:21.0424 5664 SystemInfo:
16:52:21.0424 5664
16:52:21.0424 5664 OS Version: 5.1.2600 ServicePack: 3.0
16:52:21.0424 5664 Product type: Workstation
16:52:21.0424 5664 ComputerName: RPATTERSON
16:52:21.0424 5664 UserName: rpatterson
16:52:21.0424 5664 Windows directory: C:\WINDOWS
16:52:21.0424 5664 System windows directory: C:\WINDOWS
16:52:21.0424 5664 Processor architecture: Intel x86
16:52:21.0424 5664 Number of processors: 4
16:52:21.0424 5664 Page size: 0x1000
16:52:21.0424 5664 Boot type: Normal boot
16:52:21.0424 5664 ============================================================
16:52:21.0955 5664 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:52:22.0002 5664 Drive \Device\Harddisk1\DR3 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:52:22.0065 5664 Initialize success
16:52:24.0487 3484 ============================================================
16:52:24.0487 3484 Scan started
16:52:24.0487 3484 Mode: Manual;
16:52:24.0487 3484 ============================================================
16:52:24.0955 3484 Abiosdsk - ok
16:52:24.0971 3484 abp480n5 - ok
16:52:25.0002 3484 Acceler (eb008a36206bf9d0de3c5f9df67d20d8) C:\WINDOWS\system32\DRIVERS\Accelern.sys
16:52:25.0002 3484 Acceler - ok
16:52:25.0049 3484 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:52:25.0049 3484 ACPI - ok
16:52:25.0049 3484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:52:25.0049 3484 ACPIEC - ok
16:52:25.0065 3484 adpu160m - ok
16:52:25.0080 3484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:52:25.0080 3484 aec - ok
16:52:25.0127 3484 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
16:52:25.0127 3484 AESTAud - ok
16:52:25.0174 3484 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:52:25.0174 3484 AFD - ok
16:52:25.0190 3484 Aha154x - ok
16:52:25.0190 3484 aic78u2 - ok
16:52:25.0205 3484 aic78xx - ok
16:52:25.0205 3484 AliIde - ok
16:52:25.0221 3484 amsint - ok
16:52:25.0252 3484 ApfiltrService (83299c470907b54bb861b7ad55011871) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:52:25.0268 3484 ApfiltrService - ok
16:52:25.0299 3484 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:52:25.0299 3484 Arp1394 - ok
16:52:25.0299 3484 asc - ok
16:52:25.0315 3484 asc3350p - ok
16:52:25.0330 3484 asc3550 - ok
16:52:25.0377 3484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:52:25.0377 3484 AsyncMac - ok
16:52:25.0377 3484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:52:25.0377 3484 atapi - ok
16:52:25.0393 3484 Atdisk - ok
16:52:25.0408 3484 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:52:25.0408 3484 Atmarpc - ok
16:52:25.0408 3484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:52:25.0408 3484 audstub - ok
16:52:25.0440 3484 b57w2k (51ca406d64dc6d6d14bc214f3f4ad5a2) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:52:25.0440 3484 b57w2k - ok
16:52:25.0533 3484 BCM43XX (5d4893633b7161fa25500eb7aeabec94) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:52:25.0580 3484 BCM43XX - ok
16:52:25.0612 3484 BCMWLNPF (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
16:52:25.0627 3484 BCMWLNPF - ok
16:52:25.0627 3484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:52:25.0627 3484 Beep - ok
16:52:25.0643 3484 BlankScr (aac5cd9824c42ecc3f653785550386b6) C:\WINDOWS\system32\drivers\BlankScr.sys
16:52:25.0658 3484 BlankScr - ok
16:52:25.0674 3484 Blfp (a341cdb0beb6880f11678944f292dd16) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
16:52:25.0705 3484 Blfp - ok
16:52:25.0752 3484 BTWUSB (f9b15cfaef98d8117313c6c4215b9eac) C:\WINDOWS\system32\Drivers\btwusb.sys
16:52:25.0752 3484 BTWUSB - ok
16:52:25.0752 3484 catchme - ok
16:52:25.0768 3484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:52:25.0768 3484 cbidf2k - ok
16:52:25.0799 3484 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:52:25.0799 3484 CCDECODE - ok
16:52:25.0799 3484 cd20xrnt - ok
16:52:25.0815 3484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:52:25.0815 3484 Cdaudio - ok
16:52:25.0846 3484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:52:25.0846 3484 Cdfs - ok
16:52:25.0846 3484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:52:25.0846 3484 Cdrom - ok
16:52:25.0862 3484 Changer - ok
16:52:25.0877 3484 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:52:25.0877 3484 CmBatt - ok
16:52:25.0877 3484 CmdIde - ok
16:52:25.0893 3484 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:52:25.0893 3484 Compbatt - ok
16:52:25.0908 3484 Cpqarray - ok
16:52:25.0940 3484 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
16:52:25.0940 3484 cvusbdrv - ok
16:52:25.0955 3484 dac2w2k - ok
16:52:25.0955 3484 dac960nt - ok
16:52:25.0971 3484 Darpan (32da4ed9aab7f280a902311e5f2dd25c) C:\WINDOWS\system32\DRIVERS\Darpan.sys
16:52:25.0971 3484 Darpan - ok
16:52:25.0987 3484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:52:25.0987 3484 Disk - ok
16:52:25.0987 3484 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
16:52:26.0002 3484 DLABMFSM - ok
16:52:26.0002 3484 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
16:52:26.0002 3484 DLABOIOM - ok
16:52:26.0018 3484 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:52:26.0018 3484 DLACDBHM - ok
16:52:26.0018 3484 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
16:52:26.0018 3484 DLADResM - ok
16:52:26.0033 3484 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
16:52:26.0033 3484 DLAIFS_M - ok
16:52:26.0049 3484 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
16:52:26.0049 3484 DLAOPIOM - ok
16:52:26.0049 3484 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
16:52:26.0049 3484 DLAPoolM - ok
16:52:26.0065 3484 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
16:52:26.0065 3484 DLARTL_M - ok
16:52:26.0080 3484 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
16:52:26.0080 3484 DLAUDFAM - ok
16:52:26.0080 3484 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
16:52:26.0080 3484 DLAUDF_M - ok
16:52:26.0112 3484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:52:26.0127 3484 dmboot - ok
16:52:26.0127 3484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:52:26.0127 3484 dmio - ok
16:52:26.0143 3484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:52:26.0143 3484 dmload - ok
16:52:26.0158 3484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:52:26.0158 3484 DMusic - ok
16:52:26.0174 3484 dpti2o - ok
16:52:26.0174 3484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:52:26.0174 3484 drmkaud - ok
16:52:26.0190 3484 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:52:26.0190 3484 DRVMCDB - ok
16:52:26.0205 3484 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:52:26.0205 3484 DRVNDDM - ok
16:52:26.0221 3484 e1kexpress (8bed3dbbb13d2c8e1c1c9decec309826) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
16:52:26.0237 3484 e1kexpress - ok
16:52:26.0252 3484 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:52:26.0252 3484 Fastfat - ok
16:52:26.0268 3484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:52:26.0268 3484 Fdc - ok
16:52:26.0268 3484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:52:26.0268 3484 Fips - ok
16:52:26.0283 3484 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:52:26.0283 3484 Flpydisk - ok
16:52:26.0299 3484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:52:26.0315 3484 FltMgr - ok
16:52:26.0315 3484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:52:26.0315 3484 Fs_Rec - ok
16:52:26.0330 3484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:52:26.0330 3484 Ftdisk - ok
16:52:26.0346 3484 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:52:26.0346 3484 GEARAspiWDM - ok
16:52:26.0362 3484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:52:26.0362 3484 Gpc - ok
16:52:26.0377 3484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:52:26.0377 3484 HDAudBus - ok
16:52:26.0393 3484 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:52:26.0408 3484 hidusb - ok
16:52:26.0408 3484 hpn - ok
16:52:26.0424 3484 HSFHWAZL (f25bb78b0063a8e8fceff33493c305e0) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:52:26.0440 3484 HSFHWAZL - ok
16:52:26.0455 3484 HSF_DPV (04d872629e0afcb07ba9088eaa308c11) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:52:26.0471 3484 HSF_DPV - ok
16:52:26.0487 3484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:52:26.0487 3484 HTTP - ok
16:52:26.0502 3484 i2omgmt - ok
16:52:26.0502 3484 i2omp - ok
16:52:26.0533 3484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:52:26.0533 3484 i8042prt - ok
16:52:26.0580 3484 ialm (7df53bb1f78de5dca8ac842868d34b01) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:52:26.0612 3484 ialm - ok
16:52:26.0627 3484 iaStor (26541a068572f650a2fa490726fe81be) C:\WINDOWS\system32\DRIVERS\iastor.sys
16:52:26.0627 3484 iaStor - ok
16:52:26.0643 3484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:52:26.0643 3484 Imapi - ok
16:52:26.0658 3484 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\WINDOWS\system32\DRIVERS\Impcd.sys
16:52:26.0658 3484 Impcd - ok
16:52:26.0658 3484 ini910u - ok
16:52:26.0674 3484 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
16:52:26.0690 3484 IntcDAud - ok
16:52:26.0705 3484 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys
16:52:26.0705 3484 IntcHdmiAddService - ok
16:52:26.0721 3484 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:52:26.0721 3484 IntelIde - ok
16:52:26.0737 3484 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:52:26.0737 3484 intelppm - ok
16:52:26.0752 3484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:52:26.0752 3484 Ip6Fw - ok
16:52:26.0783 3484 iPassP (468422b9137c884ab8fba05a590989d7) C:\WINDOWS\system32\DRIVERS\iPassP.sys
16:52:26.0799 3484 iPassP - ok
16:52:26.0846 3484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:52:26.0846 3484 IpFilterDriver - ok
16:52:26.0862 3484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:52:26.0862 3484 IpInIp - ok
16:52:26.0877 3484 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:52:26.0877 3484 IpNat - ok
16:52:26.0893 3484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:52:26.0893 3484 IPSec - ok
16:52:26.0893 3484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:52:26.0893 3484 IRENUM - ok
16:52:26.0908 3484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:52:26.0908 3484 isapnp - ok
16:52:26.0908 3484 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:52:26.0908 3484 Kbdclass - ok
16:52:26.0924 3484 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:52:26.0924 3484 kbdhid - ok
16:52:26.0940 3484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:52:26.0955 3484 kmixer - ok
16:52:26.0955 3484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:52:26.0955 3484 KSecDD - ok
16:52:26.0971 3484 lbrtfdc - ok
16:52:27.0018 3484 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:52:27.0018 3484 mdmxsdk - ok
16:52:27.0018 3484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:52:27.0018 3484 mnmdd - ok
16:52:27.0033 3484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:52:27.0049 3484 Modem - ok
16:52:27.0065 3484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:52:27.0065 3484 Mouclass - ok
16:52:27.0096 3484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:52:27.0096 3484 mouhid - ok
16:52:27.0096 3484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:52:27.0096 3484 MountMgr - ok
16:52:27.0127 3484 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:52:27.0127 3484 MpFilter - ok
16:52:27.0174 3484 MpKsldbd1513d (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BF73171-7E45-401A-BA13-928FC6BEB706}\MpKsldbd1513d.sys
16:52:27.0174 3484 MpKsldbd1513d - ok
16:52:27.0190 3484 mraid35x - ok
16:52:27.0190 3484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:52:27.0190 3484 MRxDAV - ok
16:52:27.0205 3484 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:52:27.0221 3484 MRxSmb - ok
16:52:27.0221 3484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:52:27.0221 3484 Msfs - ok
16:52:27.0252 3484 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:52:27.0252 3484 MSKSSRV - ok
16:52:27.0268 3484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:52:27.0268 3484 MSPCLOCK - ok
16:52:27.0283 3484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:52:27.0283 3484 MSPQM - ok
16:52:27.0299 3484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:52:27.0299 3484 mssmbios - ok
16:52:27.0330 3484 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:52:27.0330 3484 MSTEE - ok
16:52:27.0346 3484 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:52:27.0346 3484 Mup - ok
16:52:27.0362 3484 mv2 (f55d6f81f17e80c40199fa8def018957) C:\WINDOWS\system32\DRIVERS\mv2.sys
16:52:27.0362 3484 mv2 - ok
16:52:27.0408 3484 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:52:27.0408 3484 NABTSFEC - ok
16:52:27.0424 3484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:52:27.0424 3484 NDIS - ok
16:52:27.0440 3484 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:52:27.0440 3484 NdisIP - ok
16:52:27.0455 3484 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:52:27.0455 3484 NdisTapi - ok
16:52:27.0471 3484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:52:27.0471 3484 Ndisuio - ok
16:52:27.0487 3484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:52:27.0487 3484 NdisWan - ok
16:52:27.0502 3484 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:52:27.0502 3484 NDProxy - ok
16:52:27.0518 3484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:52:27.0518 3484 NetBIOS - ok
16:52:27.0533 3484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:52:27.0549 3484 NetBT - ok
16:52:27.0596 3484 NetwareWorkstation (47775e88ee6bdea803bb0edcb6612e4f) C:\WINDOWS\system32\NetWare\nwfs.sys
16:52:27.0596 3484 NetwareWorkstation - ok
16:52:27.0627 3484 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:52:27.0627 3484 NIC1394 - ok
16:52:27.0627 3484 NICM (c501404558ea82e8a875de6331f0748d) C:\WINDOWS\system32\drivers\nicm.sys
16:52:27.0627 3484 NICM - ok
16:52:27.0643 3484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:52:27.0643 3484 Npfs - ok
16:52:27.0658 3484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:52:27.0674 3484 Ntfs - ok
16:52:27.0690 3484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:52:27.0690 3484 Null - ok
16:52:27.0705 3484 NWDHCP (a4b071419e0ea596ffb3da89c1f04e61) C:\WINDOWS\system32\NetWare\nwdhcp.sys
16:52:27.0721 3484 NWDHCP - ok
16:52:27.0737 3484 NWDNS (5fe8761fe5fa3761f778fb8d7c0a6763) C:\WINDOWS\system32\NetWare\nwdns.sys
16:52:27.0752 3484 NWDNS - ok
16:52:27.0768 3484 NWFILTER (7bbf493e2b4979312fa5b350fcf5a4c4) C:\WINDOWS\system32\NetWare\nwfilter.sys
16:52:27.0783 3484 NWFILTER - ok
16:52:27.0799 3484 NWHOST (baa75acf404bebce7065663664a7c3e4) C:\WINDOWS\system32\NetWare\NWHOST.sys
16:52:27.0799 3484 NWHOST - ok
16:52:27.0815 3484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:52:27.0830 3484 NwlnkFlt - ok
16:52:27.0830 3484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:52:27.0830 3484 NwlnkFwd - ok
16:52:27.0846 3484 NWSAP (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys
16:52:27.0862 3484 NWSAP - ok
16:52:27.0877 3484 NWSIPX32 (0c19ea7bf54f23ef37d8a14c61f64891) C:\WINDOWS\system32\NetWare\nwsipx32.sys
16:52:27.0908 3484 NWSIPX32 - ok
16:52:27.0908 3484 NWSLP (0b5c354bebc5381b59a196bd7e517814) C:\WINDOWS\system32\NetWare\nwslp.sys
16:52:27.0924 3484 NWSLP - ok
16:52:27.0940 3484 NWSNS (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys
16:52:27.0940 3484 NWSNS - ok
16:52:27.0955 3484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:52:27.0955 3484 ohci1394 - ok
16:52:27.0971 3484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:52:27.0971 3484 Parport - ok
16:52:27.0987 3484 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:52:27.0987 3484 PartMgr - ok
16:52:27.0987 3484 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:52:27.0987 3484 ParVdm - ok
16:52:28.0018 3484 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
16:52:28.0018 3484 PBADRV - ok
16:52:28.0033 3484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:52:28.0033 3484 PCI - ok
16:52:28.0033 3484 PCIDump - ok
16:52:28.0049 3484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:52:28.0049 3484 PCIIde - ok
16:52:28.0049 3484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:52:28.0065 3484 Pcmcia - ok
16:52:28.0065 3484 PDCOMP - ok
16:52:28.0080 3484 PDFRAME - ok
16:52:28.0080 3484 PDRELI - ok
16:52:28.0080 3484 PDRFRAME - ok
16:52:28.0096 3484 perc2 - ok
16:52:28.0096 3484 perc2hib - ok
16:52:28.0112 3484 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:52:28.0112 3484 PptpMiniport - ok
16:52:28.0127 3484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:52:28.0127 3484 PSched - ok
16:52:28.0143 3484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:52:28.0143 3484 Ptilink - ok
16:52:28.0143 3484 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:52:28.0143 3484 PxHelp20 - ok
16:52:28.0158 3484 ql1080 - ok
16:52:28.0158 3484 Ql10wnt - ok
16:52:28.0158 3484 ql12160 - ok
16:52:28.0174 3484 ql1240 - ok
16:52:28.0174 3484 ql1280 - ok
16:52:28.0190 3484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:52:28.0190 3484 RasAcd - ok
16:52:28.0205 3484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:52:28.0205 3484 Rasl2tp - ok
16:52:28.0205 3484 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:52:28.0205 3484 RasPppoe - ok
16:52:28.0221 3484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:52:28.0221 3484 Raspti - ok
16:52:28.0221 3484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:52:28.0237 3484 Rdbss - ok
16:52:28.0237 3484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:52:28.0237 3484 RDPCDD - ok
16:52:28.0252 3484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:52:28.0268 3484 rdpdr - ok
16:52:28.0299 3484 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:52:28.0299 3484 RDPWD - ok
16:52:28.0315 3484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:52:28.0330 3484 redbook - ok
16:52:28.0330 3484 RESMGR (16c27d650113b0aa0c8255c561a71cd4) C:\WINDOWS\system32\NetWare\resmgr.sys
16:52:28.0362 3484 RESMGR - ok
16:52:28.0377 3484 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
16:52:28.0377 3484 rimmptsk - ok
16:52:28.0408 3484 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
16:52:28.0408 3484 risdpcie - ok
16:52:28.0424 3484 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:52:28.0424 3484 sdbus - ok
16:52:28.0455 3484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:52:28.0455 3484 Secdrv - ok
16:52:28.0471 3484 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:52:28.0471 3484 serenum - ok
16:52:28.0487 3484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:52:28.0487 3484 Serial - ok
16:52:28.0502 3484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:52:28.0502 3484 Sfloppy - ok
16:52:28.0518 3484 Simbad - ok
16:52:28.0549 3484 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:52:28.0565 3484 SLIP - ok
16:52:28.0565 3484 Sparrow - ok
16:52:28.0596 3484 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:52:28.0596 3484 splitter - ok
16:52:28.0596 3484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:52:28.0612 3484 sr - ok
16:52:28.0627 3484 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:52:28.0627 3484 Srv - ok
16:52:28.0658 3484 SRVLOC (21d0242d37ab7b275261ed030adaaad5) C:\WINDOWS\system32\NetWare\srvloc.sys
16:52:28.0658 3484 SRVLOC - ok
16:52:28.0674 3484 stdcfltn (73d7a81e3af7763aa627d99f50bd3f49) C:\WINDOWS\system32\DRIVERS\stdcfltn.sys
16:52:28.0674 3484 stdcfltn - ok
16:52:28.0737 3484 STHDA (72c411579358a57941f8d0b3a67175b4) C:\WINDOWS\system32\drivers\sthda.sys
16:52:28.0768 3484 STHDA - ok
16:52:28.0799 3484 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:52:28.0799 3484 StillCam - ok
16:52:28.0815 3484 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:52:28.0815 3484 streamip - ok
16:52:28.0830 3484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:52:28.0830 3484 swenum - ok
16:52:28.0846 3484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:52:28.0846 3484 swmidi - ok
16:52:28.0846 3484 symc810 - ok
16:52:28.0862 3484 symc8xx - ok
16:52:28.0862 3484 sym_hi - ok
16:52:28.0877 3484 sym_u3 - ok
16:52:28.0908 3484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:52:28.0924 3484 sysaudio - ok
16:52:28.0940 3484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:52:28.0940 3484 Tcpip - ok
16:52:28.0971 3484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:52:28.0971 3484 TDPIPE - ok
16:52:28.0987 3484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:52:28.0987 3484 TDTCP - ok
16:52:28.0987 3484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:52:28.0987 3484 TermDD - ok
16:52:29.0002 3484 TosIde - ok
16:52:29.0018 3484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:52:29.0018 3484 Udfs - ok
16:52:29.0033 3484 ultra - ok
16:52:29.0049 3484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:52:29.0049 3484 Update - ok
16:52:29.0096 3484 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:52:29.0096 3484 USBAAPL - ok
16:52:29.0112 3484 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:52:29.0112 3484 usbccgp - ok
16:52:29.0143 3484 USBCCID (64ca8ed4b0980aae46beb3727046e860) C:\WINDOWS\system32\DRIVERS\usbccid.sys
16:52:29.0143 3484 USBCCID - ok
16:52:29.0158 3484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:52:29.0158 3484 usbehci - ok
16:52:29.0174 3484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:52:29.0174 3484 usbhub - ok
16:52:29.0221 3484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:52:29.0221 3484 usbscan - ok
16:52:29.0221 3484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:52:29.0221 3484 USBSTOR - ok
16:52:29.0252 3484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:52:29.0252 3484 usbuhci - ok
16:52:29.0283 3484 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:52:29.0283 3484 usbvideo - ok
16:52:29.0315 3484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:52:29.0315 3484 VgaSave - ok
16:52:29.0315 3484 ViaIde - ok
16:52:29.0362 3484 VNA (48007916b1d0dab3e6c0d701de7c4afb) C:\WINDOWS\system32\DRIVERS\vna.sys
16:52:29.0362 3484 VNA - ok
16:52:29.0377 3484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:52:29.0377 3484 VolSnap - ok
16:52:29.0408 3484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:52:29.0408 3484 Wanarp - ok
16:52:29.0424 3484 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
16:52:29.0424 3484 WDC_SAM - ok
16:52:29.0455 3484 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:52:29.0455 3484 Wdf01000 - ok
16:52:29.0471 3484 WDICA - ok
16:52:29.0487 3484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:52:29.0487 3484 wdmaud - ok
16:52:29.0518 3484 winachsf (2760c329ac300ed64c3dba8cda599cda) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:52:29.0533 3484 winachsf - ok
16:52:29.0549 3484 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:52:29.0549 3484 WmiAcpi - ok
16:52:29.0565 3484 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:52:29.0565 3484 WS2IFSL - ok
16:52:29.0580 3484 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:52:29.0580 3484 WSTCODEC - ok
16:52:29.0612 3484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:52:29.0612 3484 WudfPf - ok
16:52:29.0627 3484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:52:29.0627 3484 WudfRd - ok
16:52:29.0643 3484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:52:29.0846 3484 \Device\Harddisk0\DR0 - ok
16:52:29.0877 3484 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
16:52:29.0877 3484 \Device\Harddisk1\DR3 - ok
16:52:29.0877 3484 Boot (0x1200) (c8755dc137b73e212200a066900551d6) \Device\Harddisk0\DR0\Partition0
16:52:29.0893 3484 \Device\Harddisk0\DR0\Partition0 - ok
16:52:29.0893 3484 Boot (0x1200) (40b8bf9aa36b89d9f0014fdaf8f7c73d) \Device\Harddisk1\DR3\Partition0
16:52:29.0893 3484 \Device\Harddisk1\DR3\Partition0 - ok
16:52:29.0893 3484 ============================================================
16:52:29.0893 3484 Scan finished
16:52:29.0893 3484 ============================================================
16:52:29.0893 5620 Detected object count: 0
16:52:29.0893 5620 Actual detected object count: 0

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 PM

Posted 25 January 2012 - 06:59 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

DDS::
uStart Page = hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26


Firefox::
FF - ProfilePath - c:\documents and settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/?loc=IB_DS&a=6R8hlwHznP&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8hlwHznP&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fc4d855800000000000054905045120d
FF - user.js: extensions.incredibar_i.hardId - fc4d855800000000000054905045120d
FF - user.js: extensions.incredibar_i.instlDay - 15358
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:07
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8hlwHznP
FF - user.js: extensions.incredibar_i.upn2n - 92823703116451737
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • Report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
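The Firefox:: section of the CFScript above tells ComboFix which hijacked prefs to reset (browser.startup.homepage, keyword.URL, browser.search.selectedEngine) and which extensions.incredibar_i.* prefs to drop. As an added example that is not part of this thread and is not ComboFix code, here is a small Python script that does the same job directly against a Firefox profile. It removes every extensions.incredibar_i.* pref, drops the hijacked overrides so Firefox falls back to its built-in defaults, and cleans user.js as well as prefs.js; that second file is the important one, because Firefox copies user.js into prefs.js at every start, which is why a hijack removed from prefs.js alone comes straight back. The profile contents below are constructed inline from the pref values quoted in the post (URLs kept defanged as hxxp, as in the log); the backup file name and the temp-directory demo are assumptions.

```python
"""Strip the MyStart/Incredibar hijack from a Firefox profile's prefs.js and user.js.

Added example for this thread; it is not ComboFix code and not part of the post.
Sample profile files are constructed inline from the pref values quoted in the
CFScript (URLs kept defanged as hxxp, exactly as the log shows them).
"""
import re
import tempfile
from pathlib import Path

# Prefs the CFScript lists under Firefox::. Deleting the user_pref() line makes
# Firefox fall back to its built-in default, which is what the script does.
RESET_KEYS = {
    "browser.startup.homepage",
    "browser.search.selectedEngine",
    "keyword.URL",
}
# Every pref under this prefix belongs to the Incredibar toolbar.
HIJACKER_PREFIX = "extensions.incredibar_i."
# Catch the hijack even when it hides under a pref name not listed above.
HIJACKER_HOST = "mystart.incredibar.com"

# user_pref("name", value);  -- the only statement form Firefox writes to prefs.js
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def clean_pref_text(text):
    """Return (cleaned_text, removed_keys, reset_keys) for one prefs.js/user.js body."""
    kept, removed, reset = [], [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:                       # comments and blank lines: keep verbatim
            kept.append(line)
            continue
        key, value = m.group(1), m.group(2)
        if key.startswith(HIJACKER_PREFIX):
            removed.append(key)
        elif key in RESET_KEYS:
            reset.append(key)           # dropped so the built-in default applies
        elif HIJACKER_HOST in value.lower():
            removed.append(key)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed, reset


def clean_profile(profile_dir):
    """Clean prefs.js and user.js in place (Firefox must be closed); return a report.

    user.js matters as much as prefs.js: Firefox copies user.js into prefs.js on
    every start, so a hijack removed from prefs.js alone returns at next launch.
    """
    report = {}
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        if not path.is_file():
            continue
        original = path.read_text(encoding="utf-8")
        cleaned, removed, reset = clean_pref_text(original)
        # Assumed backup naming: keep the original beside the cleaned file.
        path.with_name(name + ".bak").write_text(original, encoding="utf-8")
        path.write_text(cleaned, encoding="utf-8")
        report[name] = {"removed": removed, "reset": reset}
    return report


# Constructed sample files mirroring the FF - prefs.js / FF - user.js lines in the post.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26");
user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?loc=IB_DS&a=6R8hlwHznP&&i=26&search=");
user_pref("network.cookie.cookieBehavior", 1);
"""
SAMPLE_USER_JS = """\
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8hlwHznP&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.id", "fc4d855800000000000054905045120d");
user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com?a=6R8hlwHznP&i=26");
"""


def demo():
    """Write the constructed profile to a temp dir, clean it, return (report, leftover text)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "prefs.js").write_text(SAMPLE_PREFS_JS, encoding="utf-8")
        Path(d, "user.js").write_text(SAMPLE_USER_JS, encoding="utf-8")
        report = clean_profile(d)
        leftover = {n: Path(d, n).read_text(encoding="utf-8") for n in ("prefs.js", "user.js")}
    return report, leftover


if __name__ == "__main__":
    rep, left = demo()
    for name, r in rep.items():
        print(f"{name}: removed {len(r['removed'])} hijacker prefs, reset {r['reset']}")
    print(left["prefs.js"])
```

To run it against the real profile from the post, close Firefox first and call clean_profile(r"c:\documents and settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default"); the .bak copies let you revert if a legitimate pref was caught by the host check. Note that this only clears the browser side of the hijack: the toolbar's own files, its uninstall entry and any scheduled task that re-creates user.js are outside the profile and still need the ComboFix run the post asks for.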

#9 fastirwin

  • Topic Starter

  • Members
  • 23 posts
  • Local time:10:35 PM

Posted 26 January 2012 - 09:58 AM

Unfortunately, I'm still getting the Incredibar redirect after following your instructions:


ComboFix 12-01-23.02 - rpatterson 01/26/2012 9:44.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2631 [GMT -5:00]
Running from: c:\documents and settings\rpatterson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\rpatterson\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 14:34 . 2012-01-26 14:34 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BF73171-7E45-401A-BA13-928FC6BEB706}\MpKsl7c0832fd.sys
2012-01-25 19:37 . 2012-01-25 19:37 -------- d-----w- c:\documents and settings\rpatterson\Application Data\smkits
2012-01-25 19:33 . 2012-01-06 01:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-25 19:32 . 2012-01-06 01:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BF73171-7E45-401A-BA13-928FC6BEB706}\mpengine.dll
2012-01-24 19:20 . 2012-01-24 19:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 19:20 . 2012-01-24 19:20 -------- d-----w- C:\MS-SecEss-Delivery-Folder
2012-01-24 13:00 . 2012-01-24 13:00 0 ----a-w- c:\windows\invcol.tmp
2012-01-20 17:33 . 2012-01-20 17:33 388096 ----a-r- c:\documents and settings\rpatterson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-20 17:33 . 2012-01-20 17:33 -------- d-----w- c:\program files\Trend Micro
2012-01-19 20:07 . 2012-01-19 20:07 447 ----a-w- C:\user.js
2012-01-19 20:06 . 2012-01-20 17:35 -------- d-----w- c:\documents and settings\rpatterson\Application Data\Eltima Software
2012-01-17 21:13 . 2012-01-17 21:13 -------- d-----w- C:\MalwareBytes-Uninstall-Folder
2012-01-17 15:52 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-01-17 15:52 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-01-17 15:52 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-17 15:52 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 14:50 . 2009-10-03 09:30 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-26 14:50 . 2009-10-03 19:58 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-25 22:00 . 2010-02-04 20:20 6 ----a-w- c:\windows\system32\wbem\TempWmicBatchFile.bat
2012-01-04 09:26 . 2010-02-04 20:21 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-14 12:00 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-05-31 14:38 . 2011-05-31 14:38 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-05-31 14:38 . 2011-05-31 14:38 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2011-05-24 14:35 . 2011-05-24 14:36 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-03 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-01-25_19.22.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-26 14:50 . 2012-01-26 14:50 16384 c:\windows\temp\Perflib_Perfdata_7b8.dat
- 2008-04-14 12:00 . 2012-01-23 16:30 72832 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-01-26 14:37 72832 c:\windows\system32\perfc009.dat
- 2012-01-25 19:21 . 2008-12-09 20:15 14598 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\XPSec.dat
+ 2012-01-26 14:50 . 2008-12-09 20:15 14598 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\XPSec.dat
+ 2012-01-26 14:50 . 2008-12-09 20:15 45056 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\IPS1.dat
- 2012-01-25 19:21 . 2008-12-09 20:15 45056 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\IPS1.dat
+ 2008-04-14 12:00 . 2012-01-26 14:37 444740 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2012-01-23 16:30 444740 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-13 39408]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-06-13 402744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"Nalview"="c:\program files\Novell\ZENworks\NalView.exe" [2005-01-24 35840]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-01-17 40960]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-26 2670592]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 288112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 145432]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-07-28 727664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-19 495708]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\rpatterson\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-01-25 417792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kwinhook]
2011-09-21 16:53 60008 ----a-w- c:\windows\system32\KWinHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 17:36 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.2.20100729-1241\\win32\\x86\\notes2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\rpatterson\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2/14/2011 1:55 PM 17648]
R1 MpKsl7c0832fd;MpKsl7c0832fd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BF73171-7E45-401A-BA13-928FC6BEB706}\MpKsl7c0832fd.sys [1/26/2012 9:34 AM 29904]
R2 AMPAgent;Dell KACE Agent;c:\program files\Dell\KACE\AMPAgent.exe [9/21/2011 11:53 AM 2753640]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [1/17/2005 11:23 AM 6899]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [11/2/2009 6:43 PM 353672]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [3/24/2010 12:09 AM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [3/24/2010 12:09 AM 27040]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [11/22/2004 12:07 PM 163840]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2/4/2010 3:14 PM 59904]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [8/24/2011 9:44 AM 1693128]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [1/10/2005 12:36 PM 61440]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2/14/2011 1:55 PM 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2/4/2010 3:14 PM 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2/14/2011 1:55 PM 33832]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [1/10/2005 10:37 AM 2773]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/8/2010 5:31 PM 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [10/8/2010 5:32 PM 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [10/8/2010 5:32 PM 235520]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [8/24/2011 9:44 AM 10688]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [11/2/2009 6:43 PM 129304]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:33 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 4:33 PM 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/4/2010 3:15 PM 109568]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:33]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:33]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2736876806-1413094951-2631490221-1040Core.job
- c:\documents and settings\rpatterson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 22:18]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2736876806-1413094951-2631490221-1040UA.job
- c:\documents and settings\rpatterson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 22:18]
.
2012-01-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.1.3.1 10.1.3.2
FF - ProfilePath - c:\documents and settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: ocplugin: ocplugin@webex.com - c:\program files\WebEx\Productivity Tools
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 09:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\kwinhook.dll
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(4684)
c:\windows\system32\WININET.dll
c:\documents and settings\rpatterson\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Novell\ZENworks\NLS\english\NalUIRes.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\IDT\WDM\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\notes\nslsvice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPass\IRIS Version III\iPassPeriodicUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\notes\nsd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\notes\ntmulti.exe
c:\program files\Novell\ZENworks\nalntsrv.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Novell\ZENworks\wm.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPass\IRIS Version III\iPassPeriodicUpdateApp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\NWTRAY.EXE
c:\program files\Novell\ZENworks\NalAgent.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\WebEx\Productivity Tools\ptSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
.
**************************************************************************
.
Completion time: 2012-01-26 09:56:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-26 14:56
ComboFix2.txt 2012-01-25 19:26
.
Pre-Run: 278,541,242,368 bytes free
Post-Run: 278,526,566,400 bytes free
.
- - End Of File - - B354312CE9688EE3E04EDBC5E56047E2
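Reading the firewall policy and autorun sections of a ComboFix log by hand is slow, so here is an added example, written for this page and not code from ComboFix or from anyone in this thread: a small Python triage script that parses the "Reg Loading Points" format shown in the log above and lists what a responder checks first. It flags standard-profile firewall ports opened to every address for remote-control services, the remote-administration exception, and autorun entries launched from user-writable profile paths. The sample input is a constructed, trimmed copy of that section; the port list and the path hints are my assumptions, not anything ComboFix reports.

```python
import re

# Constructed sample: a trimmed copy of the ComboFix "Reg Loading Points"
# section posted above (paths and user name as they appear in the post).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-13 39408]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-06-13 402744]
.
c:\documents and settings\rpatterson\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
"""

# Ports that mean "someone can drive this box over the network" when the
# standard firewall profile opens them to every address. Assumption: this
# short list is mine, not ComboFix's; extend it for your environment.
REMOTE_ADMIN_PORTS = {3389: "RDP", 5900: "VNC", 5800: "VNC (HTTP viewer)"}

# Autorun images under the user profile are not malicious per se (Dropbox
# does this), but that is where a browser hijacker would also live, so
# they are listed for a manual look. Assumption: hint list is mine.
USER_WRITABLE_HINTS = ("\\application data\\", "\\local settings\\", "\\temp\\")

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
LNK_RE = re.compile(r"^(\S+\.lnk) - (.*)$", re.IGNORECASE)
PORT_RE = re.compile(r"^(\d+):(TCP|UDP)$", re.IGNORECASE)
PATH_RE = re.compile(r'"?([a-z]:\\[^"\[]+?)"?\s*\[', re.IGNORECASE)


def parse_sections(text):
    """Split a ComboFix 'Reg Loading Points' dump into {section: [(name, value)]}.

    Registry keys appear as [bracketed] headers; a Startup folder appears as a
    bare path ending in a backslash. Lines consisting of '.' are separators.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.endswith("\\") and "=" not in line:
            current = line
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def triage(text):
    """Return (severity, section, detail) findings worth a human look."""
    findings = []
    for section, entries in parse_sections(text).items():
        low = section.lower()
        if low.endswith("globallyopenports\\list"):
            for name, _value in entries:
                m = PORT_RE.match(name)
                if m and int(m.group(1)) in REMOTE_ADMIN_PORTS:
                    svc = REMOTE_ADMIN_PORTS[int(m.group(1))]
                    findings.append(("high", section,
                                     f"{name} open to all addresses ({svc})"))
        elif low.endswith("remoteadminsettings"):
            for name, value in entries:
                if name.lower() == "enabled" and value.startswith("1"):
                    findings.append(("high", section,
                                     "remote administration exception enabled"))
        elif low.endswith("\\run") or low.endswith("\\startup\\"):
            for name, value in entries:
                m = PATH_RE.search(value)
                path = (m.group(1) if m else value).lower()
                if any(h in path for h in USER_WRITABLE_HINTS):
                    findings.append(("review", section,
                                     f"{name} starts from user-writable path: {path}"))
    return findings


if __name__ == "__main__":
    for sev, section, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {detail}\n         in {section}")
```

On the log above the script reports RDP and both VNC ports open in the standard profile plus the remote-administration exception; on this host those line up with the UltraVNC service and the KACE/ZENworks-managed corporate image also visible in the log, so they are review items, not a verdict, and they say nothing about the Incredibar redirect itself. Paste a whole ComboFix log in place of the sample to run it over all of the sections at once.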

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 January 2012 - 10:18 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 fastirwin (Topic Starter, Members, 23 posts)

Posted 26 January 2012 - 03:43 PM

OTL logfile created on: 1/26/2012 3:40:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rpatterson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 53.50% Memory free
5.26 Gb Paging File | 3.69 Gb Available in Paging File | 70.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 259.50 Gb Free Space | 87.07% Space Free | Partition Type: NTFS
Drive E: | 930.86 Gb Total Space | 446.94 Gb Free Space | 48.01% Space Free | Partition Type: NTFS
Drive F: | 9.70 Gb Total Space | 0.53 Gb Free Space | 5.47% Space Free | Partition Type: NWFS
Drive G: | 3764.56 Gb Total Space | 2289.09 Gb Free Space | 60.81% Space Free | Partition Type: NWFS
Drive H: | 7529.51 Gb Total Space | 325.59 Gb Free Space | 4.32% Space Free | Partition Type: NWFS
Drive I: | 3764.56 Gb Total Space | 2289.09 Gb Free Space | 60.81% Space Free | Partition Type: NWFS
Drive N: | 3764.56 Gb Total Space | 2289.09 Gb Free Space | 60.81% Space Free | Partition Type: NWFS
Drive Z: | 9.70 Gb Total Space | 0.53 Gb Free Space | 5.47% Space Free | Partition Type: NWFS

Computer Name: RPATTERSON | User Name: rpatterson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\rpatterson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Dell\KACE\AMPAgent.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\WebEx\Productivity Tools\ptsrv.exe (Cisco WebEx LLC)
PRC - C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
PRC - C:\Program Files\Microsoft Office 2007\Office12\POWERPNT.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Notes\ntaskldr.exe (IBM Corp)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\Notes\nsd.exe (IBM)
PRC - C:\Notes\nlnotes.exe (IBM Corp)
PRC - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe (IBM)
PRC - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
PRC - C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateApp.exe (iPass, Inc.)
PRC - C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateService.exe (iPass, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Program Files\Microsoft Office 2007\Office12\MSTORDB.EXE (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll ()
MOD - C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avutil-51.dll ()
MOD - C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avformat-53.dll ()
MOD - C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\avcodec-53.dll ()
MOD - C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\528\1\.cp\os\win32\NativeNetInfo.dll ()
MOD - C:\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.ui.win32.win32.x86_8.0.2.20100802-0849\os\win32\x86\Win32WindowUtils2.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.2.20100729-1241\swtxpcom.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.ui.browser.launcher_6.2.2.20100729-1241\os\win32\x86\browserlauncher.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.2.20100729-1241\os\win32\x86\comex.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.2.20100729-1241\os\win32\x86\os.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\eclipse_1114.dll ()
MOD - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\Program Files\iPass\IRIS Version III\libeay32.dll ()
MOD - C:\Notes\zlib1.dll ()
MOD - C:\Notes\libpng13.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
MOD - C:\WINDOWS\system32\nwshlxnt.dll ()
MOD - C:\Program Files\Novell\ZENworks\nls\english\NalRes.dll ()
MOD - C:\Program Files\Novell\ZENworks\nls\english\NalUIRes.dll ()
MOD - C:\WINDOWS\system32\nls\ENGLISH\nwshlxnr.dll ()
MOD - C:\WINDOWS\system32\novell\novdhcp.dll ()
MOD - C:\WINDOWS\system32\XMLPARSE.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AMPAgent) -- C:\Program Files\Dell\KACE\AMPAgent.exe (Dell Inc.)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Multi-user Cleanup Service) -- C:\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Notes\nsd.exe (IBM)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (cpextender) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
SRV - (iPassConnectEngine) -- C:\Program Files\iPass\IRIS Version III\iPassConnectEngine.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateApp) -- C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateApp.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateService) -- C:\Program Files\iPass\IRIS Version III\iPassPeriodicUpdateService.exe (iPass, Inc.)
SRV - (uvnc_service) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (ZFDWM) -- C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (NALNTSERVICE) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl7c0832fd) -- File not found
DRV - (catchme) -- File not found
DRV - (MpKsl4044add1) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3434B3A-DE51-40F0-96CD-79E2B29C8A90}\MpKsl4044add1.sys (Microsoft Corporation)
DRV - (iPassP) iPass Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\iPassP.sys (Cisco Systems, Inc.)
DRV - (Acceler) -- C:\WINDOWS\system32\drivers\Accelern.sys (ST Microelectronics)
DRV - (stdcfltn) -- C:\WINDOWS\system32\DRIVERS\stdcfltn.sys (ST Microelectronics)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (e1kexpress) Intel® -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (risdpcie) -- C:\WINDOWS\system32\drivers\risdpe86.sys (REDC)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (Impcd) -- C:\WINDOWS\system32\drivers\Impcd.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies)
DRV - (IntcDAud) Intel® -- C:\WINDOWS\system32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (VNA) -- C:\WINDOWS\system32\drivers\vna.sys (Check Point Software Technologies)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: ocplugin@webex.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rooms.hp.com: C:\Program Files\Hewlett-Packard\HP Virutal Rooms Client Launcher Plugin\nphpvrl.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/18 10:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/18 10:59:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ocplugin@webex.com: C:\Program Files\WebEx\Productivity Tools\ [2012/01/26 10:52:37 | 000,000,000 | ---D | M]

[2011/02/15 12:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Extensions
[2012/01/26 10:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions
[2011/02/22 12:09:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/19 15:07:07 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com
[2011/02/23 13:22:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\foxmarks@kei.com
[2012/01/19 15:06:59 | 000,002,191 | ---- | M] () -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\searchplugins\MyStart Search.xml
[2012/01/26 10:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/17 09:08:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/27 16:30:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/14 16:49:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/23 14:33:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/09/07 12:43:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/25 09:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/02/04 15:29:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/26 10:52:37 | 000,000,000 | ---D | M] (ocplugin) -- C:\PROGRAM FILES\WEBEX\PRODUCTIVITY TOOLS
[2011/05/31 09:38:03 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011/05/31 09:38:03 | 000,449,848 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2011/05/24 09:35:59 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/05/24 09:35:53 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/?loc=IB_DS&search={searchTerms}&a=6R8hlwHznP&i=26
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\1.0_0\
CHR - Extension: Remember The Milk = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni\3_0\
CHR - Extension: 1-ClickWeather for Chrome = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa\1.1.0.3_0\
CHR - Extension: Meeting Planner for Chrome = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdolpghnnmndklcpmhdaenaabbpgkbik\2.0_0\
CHR - Extension: bitly | a simple URL shortener = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\1.3.1.5_0\
CHR - Extension: Downloads = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: MOG Music = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgljcanfdcmdnncaneopdlcgjlkgpenj\0.9.9_0\
CHR - Extension: Chrome Flags = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhejngphiacapbgllhagbpdkkdieeaej\1.4_0\
CHR - Extension: Poppit = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Mail Checker = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.1_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Click to shrink all links in the bookmarks-bar automatically into icons only. = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\olpcoijhnioeaopipiblnmjlckcbbfhm\1.0.0_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.1.20.4691_0\

O1 HOSTS File: ([2012/01/26 09:52:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nalview] C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
O4 - Startup: C:\Documents and Settings\rpatterson\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\rpatterson\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: insideidc.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: insideidc.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: insideidc.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-2736876806-1413094951-2631490221-1040\..Trusted Domains: insideidc.com ([]* in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254598088640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.3.1 10.1.3.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = insideidc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11D95BBB-EDDC-48C2-8829-5E92BE083CAA}: DhcpNameServer = 10.1.3.1 10.1.3.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECFF402-8611-45ED-A899-243AC979075E}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\kwinhook: DllName - (kwinhook.dll) - C:\WINDOWS\System32\KWinHook.dll (Dell Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\rpatterson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rpatterson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) -C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/03 08:42:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 15:39:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rpatterson\Desktop\OTL.exe
[2012/01/26 09:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rpatterson\Application Data\smkits
[2012/01/26 09:49:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/25 16:52:04 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\rpatterson\Desktop\tdsskiller.exe
[2012/01/25 14:14:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/25 14:11:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/25 14:11:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/25 14:11:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/25 14:11:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/25 14:11:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/25 14:11:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/25 14:08:26 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\rpatterson\Desktop\ComboFix.exe
[2012/01/24 14:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/24 14:20:22 | 000,000,000 | ---D | C] -- C:\MS-SecEss-Delivery-Folder
[2012/01/24 10:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rpatterson\Desktop\Shell
[2012/01/23 11:21:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rpatterson\Desktop\TFC.exe
[2012/01/23 09:51:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rpatterson\Start Menu\Programs\Administrative Tools
[2012/01/20 12:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/20 12:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rpatterson\Start Menu\Programs\HiJackThis
[2012/01/19 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rpatterson\Application Data\Eltima Software
[2012/01/17 16:13:43 | 000,000,000 | ---D | C] -- C:\MalwareBytes-Uninstall-Folder
[2012/01/17 10:52:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012/01/17 10:52:51 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012/01/17 10:52:45 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/10/08 17:31:57 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/26 15:43:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2736876806-1413094951-2631490221-1040UA.job
[2012/01/26 15:39:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rpatterson\Desktop\OTL.exe
[2012/01/26 15:38:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/26 15:36:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/26 15:34:49 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/01/26 14:38:52 | 000,001,250 | ---- | M] () -- C:\personfolders.xml
[2012/01/26 09:56:27 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/26 09:55:51 | 000,444,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/26 09:55:51 | 000,072,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/26 09:52:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/26 09:51:59 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/26 09:50:51 | 000,001,182 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/01/26 09:50:50 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2012/01/26 09:50:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2012/01/26 09:50:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/26 09:43:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2736876806-1413094951-2631490221-1040Core.job
[2012/01/25 16:52:12 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\rpatterson\Desktop\tdsskiller.exe
[2012/01/25 15:42:06 | 000,040,411 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\Patterson Auto Dec Page.pdf
[2012/01/25 14:14:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/25 14:10:52 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\rpatterson\Desktop\ComboFix.exe
[2012/01/25 13:35:18 | 000,289,431 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\225865.pdf
[2012/01/25 12:42:25 | 000,341,694 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\FIN228175.pdf
[2012/01/24 14:20:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/24 13:51:56 | 000,085,506 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\EVP Focus Forms 2012.pdf
[2012/01/23 15:54:32 | 000,103,029 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\outdoor install.jpg
[2012/01/23 13:50:15 | 000,524,961 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\228252.pdf
[2012/01/23 12:38:07 | 004,510,770 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\2012 IT Executive Programs Brochure.pdf
[2012/01/23 11:21:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rpatterson\Desktop\TFC.exe
[2012/01/20 12:33:59 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\HiJackThis.lnk
[2012/01/20 10:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/19 15:07:09 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/01/18 16:21:12 | 000,103,394 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\PG&E ITAP agreement counter-signed 110128.pdf
[2012/01/17 09:15:19 | 000,328,304 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\Ruggedized Devices WP IDC 2010.pdf
[2012/01/17 09:14:37 | 000,824,981 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\IDC Smart Metering.pdf
[2012/01/12 18:14:12 | 000,388,139 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\IDC Predictions 2012 Competing for 2020.pdf
[2012/01/12 18:05:03 | 000,299,853 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\CEMA17351.pdf
[2012/01/12 14:39:15 | 000,443,589 | ---- | M] () -- C:\Documents and Settings\rpatterson\Desktop\231365.pdf
[2012/01/11 18:06:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/04 17:53:59 | 000,002,178 | ---- | M] () -- C:\Documents and Settings\rpatterson\.recently-used.xbel
[2012/01/04 04:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/26 10:02:28 | 000,001,250 | ---- | C] () -- C:\personfolders.xml
[2012/01/25 15:42:08 | 000,040,411 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\Patterson Auto Dec Page.pdf
[2012/01/25 14:14:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/25 14:14:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/25 14:11:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/25 14:11:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/25 14:11:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/25 14:11:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/25 14:11:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/25 13:35:21 | 000,289,431 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\225865.pdf
[2012/01/25 12:42:27 | 000,341,694 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\FIN228175.pdf
[2012/01/24 14:25:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/24 14:20:40 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/24 13:51:59 | 000,085,506 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\EVP Focus Forms 2012.pdf
[2012/01/23 15:54:39 | 000,103,029 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\outdoor install.jpg
[2012/01/23 13:50:18 | 000,524,961 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\228252.pdf
[2012/01/23 12:38:07 | 004,510,770 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\2012 IT Executive Programs Brochure.pdf
[2012/01/20 12:33:59 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\HiJackThis.lnk
[2012/01/19 15:07:08 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/01/18 16:21:14 | 000,103,394 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\PG&E ITAP agreement counter-signed 110128.pdf
[2012/01/17 09:15:30 | 000,328,304 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\Ruggedized Devices WP IDC 2010.pdf
[2012/01/17 09:14:37 | 000,824,981 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\IDC Smart Metering.pdf
[2012/01/12 18:14:32 | 000,388,139 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\IDC Predictions 2012 Competing for 2020.pdf
[2012/01/12 18:05:05 | 000,299,853 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\CEMA17351.pdf
[2012/01/12 14:39:15 | 000,443,589 | ---- | C] () -- C:\Documents and Settings\rpatterson\Desktop\231365.pdf
[2012/01/04 17:53:59 | 000,002,178 | ---- | C] () -- C:\Documents and Settings\rpatterson\.recently-used.xbel
[2012/01/04 12:32:22 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/05/23 14:03:42 | 000,040,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/02 19:04:37 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2011/02/25 11:32:22 | 000,001,832 | ---- | C] () -- C:\Documents and Settings\rpatterson\Local Settings\Application Data\SLC_rpatterson.prx
[2011/02/15 14:10:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/14 17:11:27 | 000,000,067 | ---- | C] () -- C:\WINDOWS\notes.ini
[2011/02/14 16:40:02 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2011/02/14 13:55:43 | 000,308,624 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2011/02/14 13:55:43 | 000,206,216 | ---- | C] () -- C:\WINDOWS\System32\bipbsp.dll
[2011/02/14 13:55:34 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2010/10/08 17:31:59 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/10/08 17:31:57 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2010/10/08 17:31:54 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/10/08 13:08:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\EvtMessage.dll
[2010/10/01 13:26:22 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/12 12:22:44 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/02/04 15:15:38 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/02/04 15:15:37 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/02/04 15:15:37 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/02/04 15:15:09 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/02/04 15:15:06 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/11/06 10:29:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/10/03 14:42:50 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/10/03 14:42:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/03 14:21:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/03 14:21:21 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/10/03 14:21:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/10/03 14:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/03 14:20:18 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2009/10/03 14:20:16 | 000,002,293 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/10/03 14:04:50 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2009/10/03 14:01:18 | 000,002,757 | R--- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2009/10/03 14:01:14 | 000,216,064 | R--- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2009/10/03 14:01:13 | 000,245,843 | R--- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2009/10/03 14:01:13 | 000,001,724 | R--- | C] () -- C:\WINDOWS\System32\vipx.exe
[2009/10/03 14:01:11 | 000,065,619 | R--- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2009/10/03 14:01:11 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2009/10/03 09:05:41 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wget.exe
[2009/10/03 09:05:41 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\wsname.exe
[2009/10/03 09:05:41 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\tail.exe
[2009/10/03 09:05:41 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\ldapsearch.exe
[2009/10/03 08:45:43 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/10/03 08:43:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/03 08:40:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/03 04:31:46 | 000,004,370 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/03 04:30:29 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/03 04:30:24 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2008/04/14 07:00:00 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk(2).exe
[2008/04/14 07:00:00 | 000,444,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,072,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/30 12:58:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2004/03/16 13:09:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/16 13:08:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002/04/17 13:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2001/10/23 09:14:28 | 000,012,736 | ---- | C] () -- C:\WINDOWS\System32\cmdinfo.exe
[2000/01/20 08:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/08/07 00:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[1999/07/22 18:07:38 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/05/14 08:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 07:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:35 PM

Posted 26 January 2012 - 04:22 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\rpatterson\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
    [2012/01/19 15:07:07 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com
    [2012/01/19 15:06:59 | 000,002,191 | ---- | M] () -- C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\searchplugins\MyStart Search.xml
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/?loc=IB_DS&search={searchTerms}&a=6R8hlwHznP&i=26
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 fastirwin

fastirwin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 27 January 2012 - 11:03 AM

Incredibar redirect on search still happening.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=8\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Prefs.js: ffxtlbr@incredibar.com:1.5.0 removed from extensions.enabledItems
C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com\defaults folder moved successfully.
C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully.
C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully.
C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\extensions\ffxtlbr@incredibar.com folder moved successfully.
C:\Documents and Settings\rpatterson\Application Data\Mozilla\Firefox\Profiles\y697l5cd.default\searchplugins\MyStart Search.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\rpatterson\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\rpatterson\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 5810 bytes
->Temporary Internet Files folder emptied: 616028 bytes

User: rpatterson
->Temp folder emptied: 9162026 bytes
->Temporary Internet Files folder emptied: 147556 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28411313 bytes
->Google Chrome cache emptied: 374375694 bytes
->Flash cache emptied: 3053 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 506880 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12415 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 394.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: rpatterson
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: rpatterson
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01272012_104538

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#14 fastirwin

fastirwin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 27 January 2012 - 11:05 AM

FYI this is happening in Chrome, my primary browser, but now does not appear to be happening in FF or IE (which I rarely use), so I think we are on the right track - can you find the Chrome files to remove?

#15 fastirwin

fastirwin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 27 January 2012 - 11:08 AM

These three lines should be the problem, right?
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/?loc=IB_DS&search={searchTerms}&a=6R8hlwHznP&i=26
CHR - default_search_provider: suggest_url =




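The three CHR lines quoted in the post above are OTL's summary of Chrome's stored default search provider. The script below is an added example for this thread, not OTL code and not the poster's; it reads a Chrome "Preferences" file, pulls the same three fields (the older Chrome layout with a top-level `default_search_provider` object carrying `enabled`, `name`, `search_url` and `suggest_url` is assumed) and flags any provider whose URLs point at a host outside a constructed allowlist. The allowlist, the sample Preferences text and the XP profile path hint are assumptions made for the example; the hijacked sample mirrors the values from the log.

```python
"""Detect a hijacked default search provider in a Chrome "Preferences" file.

Added example for this thread; it is not OTL code and not from the poster.
Assumptions: the older Chrome Preferences JSON layout, with a top-level
"default_search_provider" object holding "enabled", "name", "search_url"
and "suggest_url" (the fields OTL summarises in its CHR lines), and a
constructed allowlist of search hosts that you would adjust locally.
"""
import json
from urllib.parse import urlsplit

# Usual per-user profile location on Windows XP (verify on the machine inspected):
# C:\Documents and Settings\<user>\Local Settings\Application Data\
#     Google\Chrome\User Data\Default\Preferences
PREFS_PATH_HINT = r"...\Google\Chrome\User Data\Default\Preferences"

# Constructed allowlist for the example; a real one comes from your own policy.
TRUSTED_SEARCH_HOSTS = {
    "google.com", "www.google.com",
    "bing.com", "www.bing.com",
    "search.yahoo.com",
    "duckduckgo.com",
}


def search_host(url):
    """Lowercased host of a search template URL ('' if the URL is empty or has none)."""
    if not url:
        return ""
    return urlsplit(url).hostname or ""


def host_is_trusted(host):
    """True when host is an allowlisted search host or a subdomain of one."""
    if not host:
        return False
    return any(host == t or host.endswith("." + t) for t in TRUSTED_SEARCH_HOSTS)


def check_default_search(prefs):
    """Return a list of findings for a parsed Preferences dict; [] means clean."""
    findings = []
    dsp = prefs.get("default_search_provider")
    if not isinstance(dsp, dict):
        return findings  # nothing overrides the browser default
    if not dsp.get("enabled", False):
        return findings  # provider block present but not in use
    name = dsp.get("name", "?")
    for key in ("search_url", "suggest_url"):
        url = dsp.get(key) or ""
        if not url:
            continue  # suggest_url is often empty, as in the log above
        host = search_host(url)
        if not host_is_trusted(host):
            findings.append(
                f"{key} of provider {name!r} points at untrusted host {host!r}: {url}"
            )
    return findings


def check_preferences_text(text):
    """Parse Preferences JSON text and run the check; bad JSON is itself a finding."""
    try:
        prefs = json.loads(text)
    except ValueError as exc:
        return [f"Preferences is not valid JSON: {exc}"]
    if not isinstance(prefs, dict):
        return ["Preferences top level is not a JSON object"]
    return check_default_search(prefs)


def check_preferences_file(path):
    """Run the check on an on-disk Preferences file."""
    with open(path, "r", encoding="utf-8") as fh:
        return check_preferences_text(fh.read())


# Constructed sample that mirrors the CHR lines in the OTL log (not a real profile).
SAMPLE_HIJACKED = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "name": "MyStart Search",
        "search_url": "http://mystart.incredibar.com/?loc=IB_DS&search={searchTerms}&a=6R8hlwHznP&i=26",
        "suggest_url": "",
    }
})

# Constructed clean sample: the same structure pointing at an allowlisted host.
SAMPLE_CLEAN = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "name": "Google",
        "search_url": "http://www.google.com/search?q={searchTerms}",
        "suggest_url": "http://www.google.com/complete/search?q={searchTerms}",
    }
})

if __name__ == "__main__":
    for label, sample in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        result = check_preferences_text(sample)
        print(label, "->", result or "no findings")
```

Run it against a copy of the profile's Preferences file with `check_preferences_file(path)` while Chrome is closed; the check only reports, it does not edit the file. A finding on `search_url` is the condition the log shows for this machine, and a provider that is present but has `enabled` set to false is deliberately not reported, since Chrome is then not using it.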