[Resolved] cant run any virus software including hijackthis

Computer forums for help with removing malicious software (malware) and improving computer security

grin Welcome to What the Tech! ( Log In | Register ) What tech support ought to be... Fast, friendly and free! Once registered - you'll have the ability to post your question in the appropriate forum below. Additionally, if you can assist another member by sharing your tech knowledge, please post a reply! Best of all - Registration and all assistance is FREE! Once you've completed registration, simply choose the appropriate forum below, click on the "new topic" button, and post your question! What are you waiting for? Register today! *Registered users see NO ADVERTISING.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

1 2 >

[Resolved] cant run any virus software including hijackthis

Options

raymon823 View Member Profile	Jun 21 2009, 05:05 PM Post #1
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	every thing seems to working fine just cant run any scans and all firewalls except windows firewall and windows defender wont open. I received an alert from norton that a vundo2 file was found and removed and after that my firewall hasnt worked along with any other program that has anything to do with a virus. The only programs that has worked id windows firewall and windows defender and that carp** hasnt found any problems. I tried to run hiyjackthis and even that wont open.

raymon823 View Member Profile	Jun 21 2009, 05:16 PM Post #2
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	I tried to fix the problem using the self help section, the only program I was able to run was the atf cleaner. Hijackthis and combo fix would not run. I tried several different routes (viruses) just to see if I could get any programs to run but none worked Ive had vundo before but I think I removed vundo fix from my computer. Im stumped on this one

Doug View Member Profile	Jun 21 2009, 05:21 PM Post #3
Tech Team Group: Administrator Posts: 6,197 Joined: 15-May 05 From: California Member No.: 32,477 Operating System: Win98, Win2k Pro, XP Pro, XP Home	I'll move this over to the Malware Removal Forum.

oldman960 View Member Profile	Jun 21 2009, 07:33 PM Post #4
SuperMember Group: Classroom Teacher Posts: 3,708 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi raymon823, welcome to the forum. To make cleaning this machine easier Please do not uninstall/install any programs unless asked to It is more difficult when files/programs are appearing in/disappearing from the logs. Please do not run any scans other than those requested Please follow all instructions in the order posted All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked. Do not attach any logs/reports, etc.. unless specifically requested to do so. If you have problems with or do not understand the instructions, Please ask before continuing. Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine. Download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised! If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked. Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" Save it where you can easily find it, such as your desktop. If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop Next Please download DDS and save it to your desktop. Disable any script blocking protection Double click dds.scr to run the tool. When done, DDS.txt will open. Click Yes at the next prompt for Optional Scan. Save both reports to your desktop. --------------------------------------------------- Please include the contents of the following in your next reply: DDS.txt Please attach the second file; Attach.txt. To attach a file, do the following: Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post Please post back with GMER log both DDS logs Thanks

raymon823 View Member Profile	Jun 23 2009, 05:02 PM Post #5
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	when i run dds it opens in note pad im not sure if this is correct, I disabled my windows firewall ant tried but I get the same thing. Im not sure if I disabled the script blocking how would I go about doing it correctly.

raymon823 View Member Profile	Jun 23 2009, 05:42 PM Post #6
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	here is the gmer log GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-23 18:48:14 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT 86E3C708 ZwAlertResumeThread SSDT 86CAD550 ZwAlertThread SSDT 864B7D30 ZwAllocateVirtualMemory SSDT 86C62E08 ZwAssignProcessToJobObject SSDT 86CBE2E8 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3595040] SSDT 8650F908 ZwCreateMutant SSDT 86C5BAF0 ZwCreateSymbolicLinkObject SSDT 86BC3B58 ZwCreateThread SSDT 86CF5D70 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF35952C0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF3595820] SSDT 864BA7C8 ZwDuplicateObject SSDT 864B4D30 ZwFreeVirtualMemory SSDT 865A0F70 ZwImpersonateAnonymousToken SSDT 86567260 ZwImpersonateThread SSDT 86D13730 ZwLoadDriver SSDT 86CB10B8 ZwMapViewOfSection SSDT 864E9CE0 ZwOpenEvent SSDT 86C71138 ZwOpenProcess SSDT 86C7EA28 ZwOpenProcessToken SSDT 864C9CE0 ZwOpenSection SSDT 864BABF0 ZwOpenThread SSDT 8650BD30 ZwProtectVirtualMemory SSDT 86578300 ZwResumeThread SSDT 86C7D120 ZwSetContextThread SSDT 864B44E0 ZwSetInformationProcess SSDT 85A899F8 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3595A70] SSDT 864CACE0 ZwSuspendProcess SSDT 864B6108 ZwSuspendThread SSDT 86C770C0 ZwTerminateProcess SSDT 86E6DBA0 ZwTerminateThread SSDT 86C7B238 ZwUnmapViewOfSection SSDT 864B7908 ZwWriteVirtualMemory Code 86C78AE0 ZwEnumerateKey Code 86CCB010 ZwFlushInstructionCache Code 86C78A06 IofCallDriver Code 86C75646 IofCompleteRequest ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 86C78A0B .text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 86C7564B .text ntoskrnl.exe!ZwYieldExecution + F2 804E492C 4 Bytes CALL ADD51513 .text ntoskrnl.exe!ZwYieldExecution + 172 804E49AC 2 Bytes [C0, 52] .text ntoskrnl.exe!ZwYieldExecution + 17A 804E49B4 2 Bytes [20, 58] PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 86C78AE4 PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 86CCB014 ? SYMEFA.SYS The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[3460] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\MSIVXwpoagmkxypildwxfugrjlbivoqscgylw.sys (* hidden * ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0050f2e8940d Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0050f2e8940d@0012373f7114 0x35 0xBE 0x7C 0x7D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0050f2e8940d@0050f2e86e42 0x88 0x4A 0xD9 0x36 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXwpoagmkxypildwxfugrjlbivoqscgylw.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXwpoagmkxypildwxfugrjlbivoqscgylw.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXxtoapraqkywifivektwvywjnulolyoyk.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXgcnayqefgsbflfwwfpehacgceurmigiw.dll Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0050f2e8940d Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0050f2e8940d@0012373f7114 0x35 0xBE 0x7C 0x7D ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0050f2e8940d@0050f2e86e42 0x88 0x4A 0xD9 0x36 ... Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXwpoagmkxypildwxfugrjlbivoqscgylw.sys Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXwpoagmkxypildwxfugrjlbivoqscgylw.sys Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXxtoapraqkywifivektwvywjnulolyoyk.dll Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXgcnayqefgsbflfwwfpehacgceurmigiw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@appinit_dlls ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\MSIVXwpoagmkxypildwxfugrjlbivoqscgylw.sys 77824 bytes executable <-- ROOTKIT !!! File C:\WINDOWS\system32\MSIVXcount 4 bytes File C:\WINDOWS\system32\MSIVXgcnayqefgsbflfwwfpehacgceurmigiw.dll 54272 bytes executable File C:\WINDOWS\system32\MSIVXxtoapraqkywifivektwvywjnulolyoyk.dll 25600 bytes executable ---- EOF - GMER 1.0.15 ----

oldman960 View Member Profile	Jun 24 2009, 04:23 AM Post #7
SuperMember Group: Classroom Teacher Posts: 3,708 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi GMER shows a rootkit infection. But before we deal with it I would like to see a log so we can see what else we are up against. When you run DDS, you should see a black window with some text in it and a blinking white cursor. A few minutes later a notepad should open with the log. Is this what you are seeing? If so, please post thse logs. If not we can use a different scanner Download OTL to your desktop. Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Thanks

raymon823 View Member Profile	Jun 24 2009, 06:06 PM Post #8
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	OTL logfile created on: 6/24/2009 8:03:44 PM - Run 1 OTL by OldTimer - Version 3.0.5.2 Folder = C:\Documents and Settings\Adrian\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1023.00 Mb Total Physical Memory \| 471.04 Mb Available Physical Memory \| 46.05% Memory free 2.41 Gb Paging File \| 1.79 Gb Available in Paging File \| 74.27% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 279.47 Gb Total Space \| 160.88 Gb Free Space \| 57.57% Space Free \| Partition Type: NTFS Drive D: \| 279.47 Gb Total Space \| 4.70 Gb Free Space \| 1.68% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Unable to calculate disk information. H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADRIAN-AC2E4A6E Current User Name: Adrian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe () PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe () PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehrecvr.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe () PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) PRC - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe () PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.) PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) PRC - C:\Documents and Settings\Adrian\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (0185631239168951mcinstcleanup [Auto \| Stopped]) -- File not found SRV - (AdobeActiveFileMonitor6.0 [Auto \| Running]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehrecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (EraserSvc10910 [Auto \| Running]) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) SRV - (FLEXnet Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (ioloFileInfoList [Auto \| Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe () SRV - (ioloSystemService [Auto \| Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe () SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LBTServ [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (McrdSvc [Auto \| Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service [On_Demand \| Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (Norton Internet Security [Auto \| Running]) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (odserv [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RMSvc [Auto \| Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) SRV - (spkrmon [Auto \| Running]) -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe () SRV - (WinDefend [Auto \| Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (aeaudio [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation) DRV - (AN983 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\AN983.sys (ADMtek Incorporated.) DRV - (ATIAVPCI [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\atinavrr.sys (ATI Technologies Inc.) DRV - (BHDrvx86 [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.sys (Symantec Corporation) DRV - (ccHP [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.sys (Symantec Corporation) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (eeCtrl [System \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (FileDisk [System \| Running]) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén)) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HSFHWBS2 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (HSF_DP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.) DRV - (IDSxpx86 [System \| Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090618.002\IDSxpx86.sys (Symantec Corporation) DRV - (IrBus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation) DRV - (L8042Kbd [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys (Logitech, Inc.) DRV - (LHidFilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV - (LMouFilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV - (LNE100 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\LNE100V5.sys (LinkSys Group Inc.) DRV - (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (MPE [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation) DRV - (NAVENG [On_Demand \| Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVENG.SYS (Symantec Corporation) DRV - (NAVEX15 [On_Demand \| Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVEX15.SYS (Symantec Corporation) DRV - (nv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nvport [System \| Running]) -- C:\WINDOWS\System32\Drivers\nvport.sys (NVIDIA Corporation.) DRV - (OMCI [System \| Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (Point32 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (SbcpHid [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\SbcpHid.sys () DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (smwdm [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.) DRV - (SRTSP [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SRTSPX.SYS (Symantec Corporation) DRV - (SymEFA [Boot \| Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMEFA.SYS (Symantec Corporation) DRV - (SymEvent [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMFW [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMIDS.SYS (Symantec Corporation) DRV - (SymIM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (SymIMMP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (SYMNDIS [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMTDI [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMTDI.SYS (Symantec Corporation) DRV - (usb_rndisx [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation) DRV - (wceusbsh [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation) DRV - (winachsf [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/11 14:04:23 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/08 22:58:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/09 21:22:45 \| 00,000,000 \| ---D \| M] O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso0.dll (Conduit Ltd.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2E608F70-C430-4BC5-96F6-608E02EBA5B2} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (isoHunt Toolbar) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - C:\Program Files\isoHunt\tbiso0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [Uniblue Registry Booster2] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: &D&ownload &with BitComet - D:\Program Files\BitComet\BitComet.exe File not found O8 - Extra context menu item: &D&ownload all video with BitComet - D:\Program Files\BitComet\BitComet.exe File not found O8 - Extra context menu item: &D&ownload all with BitComet - D:\Program Files\BitComet\BitComet.exe File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - Reg Error: Key error. File not found O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.242 68.87.71.226 68.87.64.196 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.153,85.255.112.92 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - CLSID or File not found. O22 - SharedTaskScheduler: {C5AF49A2-94F3-42BD-F434-2604812C897D} - jhsf8d984jief8dsfus98jkefn - Reg Error: Key error. File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/14 06:27:10 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/02/04 00:58:16 \| 00,000,000 \| ---- \| M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{33fee1f0-9177-11dc-a6fb-0050f2e8940d}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found O33 - MountPoints2\{d92e467d-ff18-11da-a647-0050f2e8940d}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found O34 - HKLM BootExecute: ("autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (") - File not found ========== Files/Folders - Created Within 30 Days ========== [4 C:\WINDOWS\.tmp files] [2009/06/24 20:02:19 \| 00,512,512 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Desktop\OTL.exe [2009/06/23 20:36:11 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Adrian\My Documents\SUSP 101 [2009/06/23 20:35:39 \| 00,028,087 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\SUSP 101.zip [2009/06/23 18:49:37 \| 00,359,893 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\dds (1).scr [2009/06/21 23:44:29 \| 00,286,208 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\gmer.exe [2009/06/21 23:44:11 \| 00,278,221 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\gmer.zip [2009/06/21 18:50:02 \| 03,036,691 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\ComboFix.exe [2009/06/21 18:36:24 \| 00,000,650 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\Hijackthis.lnk [2009/06/21 18:25:42 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/21 18:25:39 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/06/21 18:25:38 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/06/21 18:25:37 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/06/21 18:25:37 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/06/21 17:32:43 \| 00,000,276 \| -H-- \| C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job [2009/06/13 03:28:37 \| 00,012,800 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/06/13 03:28:34 \| 00,246,272 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/06/13 03:28:26 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ie8updates [2009/06/13 03:26:49 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll [2009/06/13 03:21:51 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2009/06/06 23:52:21 \| 00,000,795 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2009/06/06 23:51:11 \| 00,000,831 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2009/06/05 20:36:27 \| 00,000,792 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\box2.WID [2009/06/05 20:06:05 \| 00,009,360 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\UNITINDEX.DAT [2009/06/05 20:05:44 \| 00,000,792 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\box test 1.WID [2009/06/05 19:53:16 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WinISD [2009/06/05 19:41:33 \| 00,000,000 \| ---D \| C] -- C:\BLAU1 [2009/06/02 19:07:37 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iPod [2009/06/02 19:07:33 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2009/05/30 23:28:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iolo [2009/05/30 11:57:57 \| 00,265,728 \| ---- \| C] (ScreenTime Media) -- C:\WINDOWS\System32\Sprint Now Saver.scr [2009/05/30 11:57:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Screentime [2009/05/30 11:57:28 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Adrian\Local Settings\Application Data\Screentime [2008/03/23 02:17:31 \| 00,886,784 \| ---- \| C] () -- C:\WINDOWS\ebook_library.dll [2008/03/16 08:16:47 \| 00,000,483 \| ---- \| C] () -- C:\WINDOWS\MP3trtg.ini [2008/03/16 08:15:48 \| 00,278,528 \| ---- \| C] () -- C:\WINDOWS\System32\ammpp.dll [2008/03/16 08:15:47 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\a1.dll [2007/10/21 21:49:20 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2007/10/21 21:48:10 \| 00,011,776 \| ---- \| C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2007/09/27 10:51:02 \| 00,020,698 \| ---- \| C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 \| 00,030,628 \| ---- \| C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 \| 00,031,698 \| ---- \| C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/08/21 14:37:17 \| 00,000,258 \| ---- \| C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2007/08/21 12:43:28 \| 00,000,022 \| ---- \| C] () -- C:\WINDOWS\kodakpcd.Adrian.ini [2007/07/15 20:58:30 \| 00,000,267 \| ---- \| C] () -- C:\WINDOWS\SysMech7.INI [2007/04/23 16:42:17 \| 00,000,112 \| ---- \| C] () -- C:\WINDOWS\ActiveSkin.INI [2007/04/07 13:58:30 \| 00,000,057 \| ---- \| C] () -- C:\WINDOWS\WININIT.INI [2006/12/12 22:44:38 \| 00,940,896 \| ---- \| C] () -- C:\WINDOWS\System32\Incinerator.dll [2006/06/15 22:14:06 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006/06/14 21:30:50 \| 00,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/05/11 20:27:40 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2006/03/14 20:42:22 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll [2005/12/10 04:06:00 \| 01,662,976 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005/12/10 04:06:00 \| 01,470,464 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2005/12/10 04:06:00 \| 01,019,904 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2005/12/10 04:06:00 \| 00,581,632 \| ---- \| C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005/12/10 04:06:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2005/12/10 04:06:00 \| 00,286,720 \| ---- \| C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/12/10 04:06:00 \| 00,212,992 \| ---- \| C] () -- C:\WINDOWS\System32\nvapi.dll [2005/08/05 15:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/07/15 14:35:56 \| 00,696,320 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32.dll [2005/07/15 14:35:56 \| 00,155,648 \| ---- \| C] () -- C:\WINDOWS\System32\ssleay32.dll [2004/08/10 08:00:00 \| 00,000,785 \| ---- \| C] () -- C:\WINDOWS\win.ini [2004/08/10 08:00:00 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2004/01/27 08:13:54 \| 00,421,888 \| ---- \| C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2004/01/27 08:13:14 \| 00,061,440 \| ---- \| C] () -- C:\WINDOWS\System32\libfaac.dll [2002/03/18 12:24:03 \| 00,038,176 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys [1999/07/05 06:00:00 \| 00,073,944 \| ---- \| C] () -- C:\WINDOWS\System32\mfc45.dll ========== Files - Modified Within 30 Days ========== [4 C:\WINDOWS\.tmp files] [2009/06/24 20:02:19 \| 00,512,512 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Desktop\OTL.exe [2009/06/24 20:00:00 \| 00,000,276 \| -H-- \| M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job [2009/06/24 16:26:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/06/24 16:16:30 \| 00,000,930 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003.job [2009/06/24 02:17:46 \| 00,000,330 \| -H-- \| M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/06/23 20:35:39 \| 00,028,087 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\SUSP 101.zip [2009/06/23 18:49:37 \| 00,359,893 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\dds (1).scr [2009/06/22 16:04:24 \| 00,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/06/22 15:41:01 \| 00,217,600 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/22 15:02:27 \| 00,013,702 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/06/22 15:01:51 \| 00,087,824 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/06/22 15:01:48 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/22 15:01:42 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/06/21 23:44:12 \| 00,278,221 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\gmer.zip [2009/06/21 18:50:02 \| 03,036,691 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\ComboFix.exe [2009/06/21 18:36:24 \| 00,000,650 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\Hijackthis.lnk [2009/06/21 18:32:40 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/17 11:27:56 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/06/16 20:10:59 \| 00,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2009/06/11 02:54:43 \| 00,002,293 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\Google Chrome.lnk [2009/06/10 22:14:28 \| 00,001,854 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/06/10 05:41:33 \| 00,342,624 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/06/06 23:52:21 \| 00,000,795 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2009/06/06 23:51:12 \| 00,000,831 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2009/06/06 23:49:11 \| 00,001,472 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\DivX Movies.lnk [2009/06/05 20:36:27 \| 00,000,792 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\box2.WID [2009/06/05 20:06:51 \| 00,009,360 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\UNITINDEX.DAT [2009/06/05 20:05:45 \| 00,000,792 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\box test 1.WID [2009/06/01 12:51:12 \| 23,635,392 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/05/30 11:57:58 \| 00,265,728 \| ---- \| M] (ScreenTime Media) -- C:\WINDOWS\System32\Sprint Now Saver.scr [2009/05/29 15:54:52 \| 00,940,896 \| ---- \| M] () -- C:\WINDOWS\System32\Incinerator.dll ========== LOP Check ========== [2009/06/06 02:11:54 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Adrian\Application Data [2009/02/11 23:14:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\Ahead [2009/03/14 21:20:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\Canon [2007/09/13 18:34:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\Corel [2009/06/05 16:47:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\iolo [2006/09/07 18:04:25 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\Leadertech [2008/02/15 23:18:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\NewSoft [2007/04/07 16:55:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\Roxio [2007/10/21 21:46:41 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\ScanSoft [2007/05/05 09:26:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\System Tweaker [2007/05/05 09:14:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\Uniblue [2009/06/21 17:32:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\uTorrent [2009/04/08 22:49:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Adrian\Application Data\Windows Desktop Search [2009/06/21 18:25:38 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/03/25 20:42:08 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2009/04/13 16:59:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2007/10/21 19:47:32 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2008/03/16 19:20:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2008/03/16 19:12:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2009/06/05 16:47:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\iolo [2009/03/30 18:33:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd [2009/03/10 21:26:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MGTEK [2009/04/15 20:01:43 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Norton [2009/04/15 20:00:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2008/02/16 00:00:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009/05/30 11:57:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Screentime [2009/01/01 13:56:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2006/12/22 20:45:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009/06/24 16:26:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 08:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/06/24 16:16:30 \| 00,000,930 \| ---- \| M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003.job [2009/06/24 02:17:46 \| 00,000,330 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/06/22 15:01:48 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/06/24 20:00:00 \| 00,000,276 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >

oldman960 View Member Profile	Jun 25 2009, 02:39 AM Post #10
SuperMember Group: Classroom Teacher Posts: 3,708 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi raymon823, Okay we're ready to go. You have a program to disable as it may interfere with our fixes. WINDOWS DEFENDER Click Start > Programs > Windows Defender or launch from the system tray icon. Click on Tools & Settings > Options. Under Real-time protection options, uncheck the "Real-time protection" check box. Click Save. Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save. (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.) You will need to disable your antivirus program and firewall before running the tool we are going to use. I see you have combofix on your desktop. Please right click it and select delete. Combofix is a very powerful tool and only should be used under supervision. Please read through the instructions to familiarize yourself with what to expect when the tool runs. It is vitally important that combofix is renamed before it is even started to download Please download ComboFix from Here or Here to your Desktop. Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop If you are using Firefox, make sure that your download settings are as follows: -Tools->Options->Main tab -Set to "Always ask me where to Save the files". During the download, rename Combofix to Combo-Fix as follows: It is important you rename Combofix during the download, but not after. Please do not rename Combofix to other names, but only to the one indicated. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- Double click on ComboFix.exe & follow the prompts. Close all other browsers/windows first As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes: 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do Not** run combofix more than once. If you have problems please post back for further instructions. 3.CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Please post back with combofix log How's the computer? Thanks

raymon823 View Member Profile	Jun 25 2009, 02:30 PM Post #11
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	I have my Norton back now, that was my only problem. You guys are the best thats the second time you saved me. Here's the log ComboFix 09-06-25.01 - Adrian 06/25/2009 16:08.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.534 [GMT -4:00] Running from: c:\documents and settings\Adrian\Desktop\ComboFix1.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\BMe710987c.txt c:\windows\kb913800.exe c:\windows\system32\_000006_.tmp.dll c:\windows\system32\_000007_.tmp.dll c:\windows\system32\_000008_.tmp.dll c:\windows\system32\drivers\MSIVXwpoagmkxypildwxfugrjlbivoqscgylw.sys c:\windows\system32\MSIVXcount c:\windows\system32\MSIVXgcnayqefgsbflfwwfpehacgceurmigiw.dll c:\windows\system32\MSIVXxtoapraqkywifivektwvywjnulolyoyk.dll c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_MSIVXserv.sys ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 ))))))))))))))))))))))))))))))) . 2009-06-25 19:54 . 2009-06-25 19:54 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\Symantec 2009-06-21 21:34 . 2009-06-21 21:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-21 17:43 . 2009-04-16 00:03 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVENG.SYS 2009-06-21 17:43 . 2009-04-16 00:03 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVEX15.SYS 2009-06-21 17:43 . 2009-04-16 00:03 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\EECTRL.SYS 2009-06-21 17:43 . 2009-04-16 00:03 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\ERASER.SYS 2009-06-21 17:43 . 2009-04-16 00:03 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVENG32.DLL 2009-06-21 17:43 . 2009-04-16 00:03 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVEX32A.DLL 2009-06-21 17:43 . 2009-04-16 00:03 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\ECMSVR32.DLL 2009-06-21 17:43 . 2009-04-16 00:02 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\CCERASER.DLL 2009-06-19 21:04 . 2009-04-16 00:03 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys 2009-06-19 21:04 . 2009-04-16 00:03 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll 2009-06-19 21:04 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll 2009-06-19 21:04 . 2009-04-16 00:03 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys 2009-06-19 21:04 . 2009-04-16 00:03 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys 2009-06-13 19:01 . 2009-06-13 19:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-06-13 12:05 . 2009-06-13 12:05 -------- d-sh--w- c:\documents and settings\Adrian\IECompatCache 2009-06-13 12:04 . 2009-06-13 12:04 -------- d-sh--w- c:\documents and settings\Adrian\PrivacIE 2009-06-13 07:42 . 2009-06-13 07:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-13 07:38 . 2009-06-13 07:38 -------- d-sh--w- c:\documents and settings\Adrian\IETldCache 2009-06-13 07:28 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-13 07:28 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-13 07:28 . 2009-06-13 07:28 -------- d-----w- c:\windows\ie8updates 2009-06-13 07:26 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-06-13 07:21 . 2009-06-13 07:26 -------- dc-h--w- c:\windows\ie8 2009-06-12 20:09 . 2009-04-16 00:03 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys 2009-06-12 20:09 . 2009-04-16 00:03 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys 2009-06-12 20:09 . 2009-04-16 00:03 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys 2009-06-12 20:09 . 2009-04-16 00:03 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll 2009-06-12 20:09 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll 2009-06-05 23:53 . 2009-06-05 23:54 -------- d-----w- c:\program files\WinISD 2009-06-05 23:41 . 2009-06-05 23:41 -------- d-----w- C:\BLAU1 2009-06-02 23:07 . 2009-06-02 23:07 -------- d-----w- c:\program files\iPod 2009-06-02 23:07 . 2009-06-02 23:08 -------- d-----w- c:\program files\iTunes 2009-06-02 22:54 . 2009-06-02 22:54 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-05-31 03:28 . 2009-05-31 03:28 -------- d-----w- c:\program files\iolo 2009-05-31 03:21 . 2009-03-25 20:49 45074200 ----a-w- c:\documents and settings\Adrian\Application Data\iolo\Installers\SystemMechanicPro.exe 2009-05-30 15:57 . 2009-05-30 15:57 34304 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Sprint Now Saver\saver1.dll 2009-05-30 15:57 . 2009-05-30 15:57 18192 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Sprint Now Saver\saver2.dll 2009-05-30 15:57 . 2009-05-30 15:57 265728 ----a-w- c:\windows\system32\Sprint Now Saver.scr 2009-05-30 15:57 . 2009-05-30 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime 2009-05-30 15:57 . 2009-05-30 15:58 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\Screentime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-21 22:13 . 2006-12-13 03:02 1525 -c--a-w- c:\documents and settings\Adrian\Application Data\iolo\restore.bat 2009-06-21 21:32 . 2008-03-04 23:16 -------- d-----w- c:\documents and settings\Adrian\Application Data\uTorrent 2009-06-15 07:01 . 2007-11-21 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-11 02:14 . 2008-04-03 18:02 -------- d-----w- c:\program files\Safari 2009-06-10 09:41 . 2007-11-21 05:40 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-09 22:05 . 2006-05-12 00:20 -------- d-----w- c:\documents and settings\Adrian\Application Data\Apple Computer 2009-06-07 03:53 . 2006-03-15 01:07 -------- d-----w- c:\program files\DivX 2009-06-07 03:49 . 2009-04-05 05:38 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-06-05 20:47 . 2006-12-13 02:41 -------- d-----w- c:\documents and settings\Adrian\Application Data\iolo 2009-06-05 20:47 . 2006-12-13 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2009-06-02 23:07 . 2007-07-02 03:20 -------- d-----w- c:\program files\Common Files\Apple 2009-06-02 23:04 . 2006-05-12 00:18 -------- d-----w- c:\program files\QuickTime 2009-05-29 19:54 . 2006-12-13 02:44 940896 ----a-w- c:\windows\system32\Incinerator.dll 2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll 2009-05-22 23:38 . 2009-05-22 23:38 390664 ----a-w- c:\documents and settings\Adrian\Application Data\Real\RealPlayer\Update\RealPlayer11.exe 2009-05-18 02:07 . 2006-03-17 01:31 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-07 01:29 . 2009-05-07 01:21 -------- d-----w- c:\program files\Coupons 2009-05-06 02:57 . 2008-02-20 20:18 3532 ----a-w- C:\drmHeader.bin 2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll 2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll 2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll 2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll 2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll 2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll 2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-16 00:04 . 2009-04-16 00:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-16 00:04 . 2009-04-16 00:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-04-16 00:03 . 2009-04-16 00:04 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2009-04-16 00:03 . 2009-04-16 00:03 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys 2009-04-16 00:03 . 2009-04-16 00:03 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-04-16 00:03 . 2009-04-16 00:03 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys 2009-04-16 00:03 . 2009-04-16 00:03 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-04-16 00:03 . 2009-04-16 00:03 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-04-16 00:03 . 2009-04-16 00:03 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll 2009-04-16 00:03 . 2009-04-16 00:03 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-13 23:40 . 2006-03-15 01:25 97000 -c--a-w- c:\documents and settings\Adrian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-10 02:45 . 2009-04-10 02:45 266400 ----a-w- c:\documents and settings\Adrian\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2009-04-10 01:22 . 2009-03-27 22:47 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-10 01:22 . 2009-04-10 01:22 152576 ----a-w- c:\documents and settings\Adrian\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-06 20:46 . 2006-12-13 03:02 518 -c--a-w- c:\documents and settings\Adrian\Application Data\iolo\Registry\Last\restore.bat 2009-03-30 22:38 . 2009-03-30 22:38 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}] 2009-03-05 21:01 1883672 ----a-w- c:\program files\isoHunt\tbiso0.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208] "Google Update"="c:\documents and settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-16 133104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-11 185896] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-30 91440] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-30 805392] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^Adrian^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk] backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote V5.lnk] backup=c:\windows\pss\Logitech Harmony Remote V5.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "c:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient.exe"= "c:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Media Center Extender Service "3390:TCP"= 3390:TCP:Remote Media Center Experience "15890:TCP"= 15890:TCP:BitComet 15890 TCP "15890:UDP"= 15890:UDP:BitComet 15890 UDP "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [4/15/2009 8:03 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [4/15/2009 8:03 PM 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [4/15/2009 8:03 PM 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys [6/19/2009 5:04 PM 276344] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 12:45 AM 124832] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/30/2009 11:28 PM 600944] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/30/2009 11:28 PM 600944] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [4/15/2009 8:03 PM 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/19/2009 10:21 AM 101936] R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [3/14/2006 8:48 PM 36224] S1 SASDIFSV;SASDIFSV; [x] S1 SASKUTIL;SASKUTIL; [x] S2 0185631239168951mcinstcleanup;McAfee Application Installer Cleanup (0185631239168951); [x] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] S3 SASENUM;SASENUM; [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003.job - c:\documents and settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 00:15] 2009-06-25 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.comcast.net uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mWindow Title = Microsoft Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = .local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-25 16:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(788) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . Completion time: 2009-06-25 16:23 ComboFix-quarantined-files.txt 2009-06-25 20:22 ComboFix2.txt 2008-03-23 04:09 Pre-Run: 173,017,477,120 bytes free Post-Run: 172,995,579,904 bytes free 268 --- E O F --- 2009-06-19 02:34

oldman960 View Member Profile	Jun 25 2009, 03:02 PM Post #12
SuperMember Group: Classroom Teacher Posts: 3,708 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi raymon823, Did you used to have SuperAntiSpyware and uninstalled it? µTorrent You have µTorrent, a P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/commun...protection.mspx http://www.internetworldstats.com/articles...cles/art053.htm I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned. You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan. Open MBAM Click the Update tab Click Check for Updates If an update is found, it will download and install the latest version. The program will close to update and reopen. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Next, Your java is out of date. Click your start button, open Control panel. Locate the Java icon (it looks like a coffee cup) double click it to open it click the Update tab Click update now After the java is updated, reboot your computer if not prompted to. One more scan just to be sure. Note It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your antivirus along with your antispyware programs. Please go to Kaspersky* website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computerr under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Change the Files of type to Text file (.txt) Set the Save In to Desktop click the Save button. Please post this log in your next reply along with a new HijackThis log. Please post back with MBAM log Kaspersky log try to run DDS and post it's log. If it won't run use OTL again and post it's log Thanks

raymon823 View Member Profile	Jun 26 2009, 08:23 PM Post #13
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	Yes I did have superantispyware a couple of years ago. Everything seems to be back to normal my zip file wont upload Malwarebytes' Anti-Malware 1.38 Database version: 2335 Windows 5.1.2600 Service Pack 3 6/25/2009 5:27:35 PM mbam-log-2009-06-25 (17-27-35).txt Scan type: Quick Scan Objects scanned: 106800 Time elapsed: 12 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 6 Folders Infected: 1 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.153,85.255.112.92 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{68370d73-e966-4d9e-9f65-9596ce06d79a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.153,85.255.112.92 -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\IE updates (Adware.Agent) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\ebook_library.dll (Adware.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Adobe Pdf Money Guide.exe (Adware.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\Checker.exe (Adware.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\ie updates\Roulette Cheat Guide - Make Money Online TODAY.url (Adware.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\ie updates\sexYsexlog.url (Adware.Agent) -> Quarantined and deleted successfully. c:\documents and settings\Adrian\Start Menu\Adobe Pdf Money Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully. c:\documents and settings\Adrian\Start Menu\Crack Money Maker Checker.lnk (Rogue.Link) -> Quarantined and deleted successfully. c:\documents and settings\Adrian\Start Menu\Money Maker Checker Help Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully. c:\documents and settings\Adrian\Start Menu\Money Maker Checker.lnk (Rogue.Link) -> Quarantined and deleted successfully. c:\documents and settings\Adrian\Start Menu\Quick Money Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Crack.txt (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\system32\How To Use The Checker.pdf (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\Quick Money Guide.pdf (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\Read Me First.txt (Rogue.Link) -> Quarantined and deleted successfully. DDS (Ver_09-05-14.01) - NTFSx86 Run by Adrian at 22:00:40.22 on Fri 06/26/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.620 [GMT -4:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\eHome\ehrecvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\ehome\RMSvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Adrian\Desktop\dds (1).scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.comcast.net uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mWindow Title = Microsoft Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: isoHunt Toolbar: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - c:\program files\isohunt\tbiso0.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: isoHunt Toolbar: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - c:\program files\isohunt\tbiso0.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll TB: {2E608F70-C430-4BC5-96F6-608E02EBA5B2} - No File TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [Google Update] "c:\documents and settings\adrian\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe" mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - d:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ============= SERVICES / DRIVERS =============== R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-15 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-15 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-15 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090623.001\IDSXpx86.sys [2009-6-25 276344] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-30 600944] R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-30 600944] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-15 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-19 101936] R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2006-3-14 36224] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090626.016\NAVENG.SYS [2009-6-26 89104] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090626.016\NAVEX15.SYS [2009-6-26 876144] S1 SASDIFSV;SASDIFSV; [x] S1 SASKUTIL;SASKUTIL; [x] S2 0185631239168951mcinstcleanup;McAfee Application Installer Cleanup (0185631239168951); [x] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 SASENUM;SASENUM; [x] ============== File Associations =============== JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-06-25 17:13 <DIR> --d----- c:\docume~1\adrian\applic~1\Malwarebytes 2009-06-25 17:13 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-25 17:13 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-06-25 17:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-06-25 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-06-25 16:21 <DIR> -cd----- c:\windows\system32\dllcache\cache 2009-06-25 15:55 161,792 a------- c:\windows\SWREG.exe 2009-06-25 15:55 155,136 a------- c:\windows\PEV.exe 2009-06-25 15:55 98,816 a------- c:\windows\sed.exe 2009-06-13 08:05 <DIR> --dsh--- c:\documents and settings\adrian\IECompatCache 2009-06-13 08:04 <DIR> --dsh--- c:\documents and settings\adrian\PrivacIE 2009-06-13 03:38 <DIR> --dsh--- c:\documents and settings\adrian\IETldCache 2009-06-13 03:28 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-06-13 03:28 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-06-13 03:28 <DIR> --d----- c:\windows\ie8updates 2009-06-13 03:26 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-06-13 03:21 <DIR> -cd-h--- c:\windows\ie8 2009-06-05 19:53 <DIR> --d----- c:\program files\WinISD 2009-06-05 19:41 <DIR> --d----- C:\BLAU1 2009-06-02 19:07 <DIR> --d----- c:\program files\iPod 2009-06-02 19:07 <DIR> --d----- c:\program files\iTunes 2009-05-30 23:28 <DIR> --d----- c:\program files\iolo 2009-05-30 11:57 265,728 a------- c:\windows\system32\Sprint Now Saver.scr 2009-05-30 11:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Screentime ==================== Find3M ==================== 2009-05-29 15:54 940,896 a------- c:\windows\system32\Incinerator.dll 2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-05 22:57 3,532 a------- C:\drmHeader.bin 2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll 2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll 2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll 2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll 2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll 2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 20:04 60,808 a------- c:\windows\system32\S32EVNT1.DLL 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-09 21:22 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-30 18:38 130,208 -----r-- c:\windows\bwUnin-8.1.1.87-8876480SL.exe ============= FINISH: 22:02:06.86 ===============

raymon823 View Member Profile	Jun 26 2009, 08:30 PM Post #14
New Member Group: Authentic Member Posts: 19 Joined: 20-March 08 Member No.: 77,745 Operating System: Windows xp media center edition 2005	heres an otl log since i could not attatch the dds log OTL logfile created on: 6/26/2009 10:23:50 PM - Run 2 OTL by OldTimer - Version 3.0.5.2 Folder = C:\Documents and Settings\Adrian\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1023.00 Mb Total Physical Memory \| 508.07 Mb Available Physical Memory \| 49.66% Memory free 2.41 Gb Paging File \| 1.70 Gb Available in Paging File \| 70.63% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 279.47 Gb Total Space \| 159.84 Gb Free Space \| 57.20% Space Free \| Partition Type: NTFS Drive D: \| 279.47 Gb Total Space \| 4.70 Gb Free Space \| 1.68% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADRIAN-AC2E4A6E Current User Name: Adrian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe () PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe () PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\eHome\ehrecvr.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) PRC - C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.) PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe () PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) PRC - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe () PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Documents and Settings\Adrian\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (0185631239168951mcinstcleanup [Auto \| Stopped]) -- File not found SRV - (AdobeActiveFileMonitor6.0 [Auto \| Running]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehrecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (ioloFileInfoList [Auto \| Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe () SRV - (ioloSystemService [Auto \| Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe () SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LBTServ [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (McrdSvc [Auto \| Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service [On_Demand \| Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (Norton Internet Security [Auto \| Running]) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation) SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (odserv [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RMSvc [Auto \| Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) SRV - (spkrmon [Auto \| Running]) -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe () SRV - (WinDefend [Auto \| Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (aeaudio [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation) DRV - (AN983 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\AN983.sys (ADMtek Incorporated.) DRV - (ATIAVPCI [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\atinavrr.sys (ATI Technologies Inc.) DRV - (BHDrvx86 [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.sys (Symantec Corporation) DRV - (ccHP [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.sys (Symantec Corporation) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (eeCtrl [System \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (FileDisk [System \| Running]) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén)) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HSFHWBS2 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (HSF_DP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.) DRV - (IDSxpx86 [System \| Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090623.001\IDSxpx86.sys (Symantec Corporation) DRV - (IrBus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation) DRV - (L8042Kbd [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys (Logitech, Inc.) DRV - (LHidFilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV - (LMouFilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV - (LNE100 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\LNE100V5.sys (LinkSys Group Inc.) DRV - (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (MPE [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation) DRV - (NAVENG [On_Demand \| Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVENG.SYS (Symantec Corporation) DRV - (NAVEX15 [On_Demand \| Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090626.016\NAVEX15.SYS (Symantec Corporation) DRV - (nv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nvport [System \| Running]) -- C:\WINDOWS\System32\Drivers\nvport.sys (NVIDIA Corporation.) DRV - (OMCI [System \| Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (Point32 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (SbcpHid [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\SbcpHid.sys () DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (smwdm [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.) DRV - (SRTSP [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SRTSPX.SYS (Symantec Corporation) DRV - (SymEFA [Boot \| Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMEFA.SYS (Symantec Corporation) DRV - (SymEvent [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMFW [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMIDS.SYS (Symantec Corporation) DRV - (SymIM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (SymIMMP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (SYMNDIS [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMTDI [System \| Running]) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SYMTDI.SYS (Symantec Corporation) DRV - (usb_rndisx [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation) DRV - (wceusbsh [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation) DRV - (winachsf [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/11 14:04:23 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 03:04:53 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/09 21:22:45 \| 00,000,000 \| ---D \| M] O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso0.dll (Conduit Ltd.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2E608F70-C430-4BC5-96F6-608E02EBA5B2} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (isoHunt Toolbar) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - C:\Program Files\isoHunt\tbiso0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &D&ownload &with BitComet - D:\Program Files\BitComet\BitComet.exe File not found O8 - Extra context menu item: &D&ownload all video with BitComet - D:\Program Files\BitComet\BitComet.exe File not found O8 - Extra context menu item: &D&ownload all with BitComet - D:\Program Files\BitComet\BitComet.exe File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - Reg Error: Key error. File not found O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/14 06:27:10 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/02/04 00:58:16 \| 00,000,000 \| ---- \| M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found ========== Files/Folders - Created Within 30 Days ========== [4 C:\WINDOWS\.tmp files] [2009/06/25 17:13:26 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Adrian\Application Data\Malwarebytes [2009/06/25 17:13:21 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/25 17:13:17 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/06/25 17:13:14 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/06/25 17:13:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/06/25 17:13:14 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/06/25 17:12:59 \| 00,000,000 \| -HSD \| C] -- C:\RECYCLER [2009/06/25 16:21:05 \| 02,145,280 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe [2009/06/25 16:21:05 \| 02,023,936 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe [2009/06/25 16:21:05 \| 01,614,848 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll [2009/06/25 16:21:05 \| 01,033,728 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe [2009/06/25 16:21:05 \| 00,989,696 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll [2009/06/25 16:21:05 \| 00,915,456 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll [2009/06/25 16:21:05 \| 00,578,560 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll [2009/06/25 16:21:05 \| 00,507,904 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe [2009/06/25 16:21:05 \| 00,361,600 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys [2009/06/25 16:21:05 \| 00,295,424 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll [2009/06/25 16:21:05 \| 00,182,656 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys [2009/06/25 16:21:05 \| 00,167,936 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll [2009/06/25 16:21:05 \| 00,110,592 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe [2009/06/25 16:21:05 \| 00,110,080 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll [2009/06/25 16:21:05 \| 00,082,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll [2009/06/25 16:21:05 \| 00,057,856 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe [2009/06/25 16:21:05 \| 00,051,224 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe [2009/06/25 16:21:05 \| 00,036,608 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys [2009/06/25 16:21:05 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe [2009/06/25 16:21:05 \| 00,024,576 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys [2009/06/25 16:21:05 \| 00,017,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll [2009/06/25 16:21:05 \| 00,015,360 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe [2009/06/25 16:21:05 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe [2009/06/25 16:21:05 \| 00,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe [2009/06/25 16:21:05 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\dllcache\cache [2009/06/25 15:55:12 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/06/25 15:55:12 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/06/25 15:55:12 \| 00,155,136 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/06/25 15:55:12 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/06/25 15:55:12 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/06/25 15:55:12 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/06/25 15:55:12 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/06/25 15:55:12 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/06/25 15:54:38 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Adrian\Local Settings\Application Data\Symantec [2009/06/25 15:38:36 \| 00,000,330 \| -H-- \| C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/06/25 15:28:45 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/06/25 15:27:50 \| 03,041,460 \| R--- \| C] () -- C:\Documents and Settings\Adrian\Desktop\ComboFix1.exe [2009/06/24 20:02:19 \| 00,512,512 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Desktop\OTL.exe [2009/06/23 20:36:11 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Adrian\My Documents\SUSP 101 [2009/06/23 20:35:39 \| 00,028,087 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\SUSP 101.zip [2009/06/23 18:49:37 \| 00,359,893 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\dds (1).scr [2009/06/21 23:44:29 \| 00,286,208 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\gmer.exe [2009/06/21 23:44:11 \| 00,278,221 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\gmer.zip [2009/06/21 18:36:24 \| 00,000,650 \| ---- \| C] () -- C:\Documents and Settings\Adrian\Desktop\Hijackthis.lnk [2009/06/13 03:28:37 \| 00,012,800 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/06/13 03:28:34 \| 00,246,272 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/06/13 03:28:26 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ie8updates [2009/06/13 03:26:49 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll [2009/06/13 03:21:51 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2009/06/06 23:52:21 \| 00,000,795 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2009/06/06 23:51:11 \| 00,000,831 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2009/06/05 20:36:27 \| 00,000,792 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\box2.WID [2009/06/05 20:06:05 \| 00,009,360 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\UNITINDEX.DAT [2009/06/05 20:05:44 \| 00,000,792 \| ---- \| C] () -- C:\Documents and Settings\Adrian\My Documents\box test 1.WID [2009/06/05 19:53:16 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WinISD [2009/06/05 19:41:33 \| 00,000,000 \| ---D \| C] -- C:\BLAU1 [2009/06/02 19:07:37 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iPod [2009/06/02 19:07:33 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2009/05/30 23:28:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iolo [2009/05/30 11:57:57 \| 00,265,728 \| ---- \| C] (ScreenTime Media) -- C:\WINDOWS\System32\Sprint Now Saver.scr [2009/05/30 11:57:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Screentime [2009/05/30 11:57:28 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Adrian\Local Settings\Application Data\Screentime [2008/03/16 08:16:47 \| 00,000,483 \| ---- \| C] () -- C:\WINDOWS\MP3trtg.ini [2008/03/16 08:15:48 \| 00,278,528 \| ---- \| C] () -- C:\WINDOWS\System32\ammpp.dll [2008/03/16 08:15:47 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\a1.dll [2007/10/21 21:49:20 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2007/10/21 21:48:10 \| 00,011,776 \| ---- \| C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2007/09/27 10:51:02 \| 00,020,698 \| ---- \| C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 \| 00,030,628 \| ---- \| C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 \| 00,031,698 \| ---- \| C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/08/21 14:37:17 \| 00,000,258 \| ---- \| C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2007/08/21 12:43:28 \| 00,000,022 \| ---- \| C] () -- C:\WINDOWS\kodakpcd.Adrian.ini [2007/07/15 20:58:30 \| 00,000,267 \| ---- \| C] () -- C:\WINDOWS\SysMech7.INI [2007/04/23 16:42:17 \| 00,000,112 \| ---- \| C] () -- C:\WINDOWS\ActiveSkin.INI [2007/04/07 13:58:30 \| 00,000,057 \| ---- \| C] () -- C:\WINDOWS\WININIT.INI [2006/12/12 22:44:38 \| 00,940,896 \| ---- \| C] () -- C:\WINDOWS\System32\Incinerator.dll [2006/06/15 22:14:06 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006/06/14 21:30:50 \| 00,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/05/11 20:27:40 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2006/03/14 20:42:22 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll [2005/12/10 04:06:00 \| 01,662,976 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005/12/10 04:06:00 \| 01,470,464 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2005/12/10 04:06:00 \| 01,019,904 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2005/12/10 04:06:00 \| 00,581,632 \| ---- \| C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005/12/10 04:06:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2005/12/10 04:06:00 \| 00,286,720 \| ---- \| C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/12/10 04:06:00 \| 00,212,992 \| ---- \| C] () -- C:\WINDOWS\System32\nvapi.dll [2005/08/05 15:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/07/15 14:35:56 \| 00,696,320 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32.dll [2005/07/15 14:35:56 \| 00,155,648 \| ---- \| C] () -- C:\WINDOWS\System32\ssleay32.dll [2004/08/10 08:00:00 \| 00,000,785 \| ---- \| C] () -- C:\WINDOWS\win.ini [2004/08/10 08:00:00 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2004/01/27 08:13:54 \| 00,421,888 \| ---- \| C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2004/01/27 08:13:14 \| 00,061,440 \| ---- \| C] () -- C:\WINDOWS\System32\libfaac.dll [2002/03/18 12:24:03 \| 00,038,176 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys [1999/07/05 06:00:00 \| 00,073,944 \| ---- \| C] () -- C:\WINDOWS\System32\mfc45.dll ========== Files - Modified Within 30 Days ========== [4 C:\WINDOWS\*.tmp files] [2009/06/26 19:38:20 \| 00,000,930 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003.job [2009/06/26 01:57:19 \| 00,000,330 \| -H-- \| M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/06/26 01:15:19 \| 00,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/06/26 01:14:57 \| 00,221,184 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/25 18:08:22 \| 00,013,702 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/06/25 18:07:47 \| 00,087,824 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/06/25 18:07:38 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/25 18:07:33 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/06/25 17:48:04 \| 00,002,293 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\Google Chrome.lnk [2009/06/25 17:13:21 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/25 16:19:05 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/06/25 15:27:51 \| 03,041,460 \| R--- \| M] () -- C:\Documents and Settings\Adrian\Desktop\ComboFix1.exe [2009/06/24 20:02:19 \| 00,512,512 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Desktop\OTL.exe [2009/06/24 16:26:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/06/23 20:35:39 \| 00,028,087 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\SUSP 101.zip [2009/06/23 18:49:37 \| 00,359,893 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\dds (1).scr [2009/06/21 23:44:12 \| 00,278,221 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\gmer.zip [2009/06/21 18:36:24 \| 00,000,650 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\Hijackthis.lnk [2009/06/17 11:27:56 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/06/16 20:10:59 \| 00,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2009/06/10 22:14:28 \| 00,001,854 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/06/10 05:41:33 \| 00,342,624 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/06/08 08:10:10 \| 00,155,136 \| ---- \| M] () -- C:\WINDOWS\PEV.exe [2009/06/06 23:52:21 \| 00,000,795 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2009/06/06 23:51:12 \| 00,000,831 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2009/06/06 23:49:11 \| 00,001,472 \| ---- \| M] () -- C:\Documents and Settings\Adrian\Desktop\DivX Movies.lnk [2009/06/05 20:36:27 \| 00,000,792 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\box2.WID [2009/06/05 20:06:51 \| 00,009,360 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\UNITINDEX.DAT [2009/06/05 20:05:45 \| 00,000,792 \| ---- \| M] () -- C:\Documents and Settings\Adrian\My Documents\box test 1.WID [2009/06/01 12:51:12 \| 23,635,392 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/05/30 11:57:58 \| 00,265,728 \| ---- \| M] (ScreenTime Media) -- C:\WINDOWS\System32\Sprint Now Saver.scr [2009/05/29 15:54:52 \| 00,940,896 \| ---- \| M] () -- C:\WINDOWS\System32\Incinerator.dll < End of report >

oldman960 View Member Profile	Jun 26 2009, 11:04 PM Post #15
SuperMember Group: Classroom Teacher Posts: 3,708 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi I'm not sure why you can't attach the file. Did you update your java? Your log still shows Java™ 6 Update 13. You have a questionable toolbar, isoHunt Toolbar. http://www.systemlookup.com/CLSID/46892-tb...tbiso1_dll.html Do you use or want this program? If not you can uninstall isoHunt Toolbar via add/remove programs. Since you no longer have SuperAntiSpyware, we'll tidy things up. We will use combofix again but run it differently. Please follow all previous instructions regarding security programs. Open a new Notepad session Click the Start button, click run in the run box type notepad click ok In the notepad, Click "Format" and be certain that Word Wrap is not checked. Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE Do Not copy the word CODE CODE DDS:: TB: {2E608F70-C430-4BC5-96F6-608E02EBA5B2} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Driver:: SASDIFSV SASKUTIL SASENUM In the notepad Click File, Save as..., and set the Save in to your Desktop In the filename box, type (including quotation marks) as the filename: "CFScript.txt" Click save Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below. This will start ComboFix again.Close all browser/windows first. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall Please post back with combofix log Kaspersky log from previous post. Thanks

« Next Oldest · Infections Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal [Resolved] spyware/ fake antivirus 12	29	83valentine	302	Today, 11:38 AM Last post by: ken545
Infections Removal [Resolved] laptop running slow	14	juibre	166	Today, 11:37 AM Last post by: ken545
Infections Removal [Resolved] Trojan Detected 12	20	toyotomi	362	Today, 11:16 AM Last post by: CatByte
Infections Removal Having problems with updating my Avira anti-virus and want to make sur	14	thunder420	143	Today, 10:00 AM Last post by: Tomk