[Resolved] browser redirect in firefox & IE


  • This topic is locked
14 replies to this topic

#1 machisono (New Member, 7 posts)

Posted 12 October 2009 - 07:16 AM

I cannot access any websites; the browser redirects to thefeedyarddotcom or other advertising sites. I wanted to download the ERUNT file to prepare for expert help, but again I cannot access the file, nor any site that offers free malware scans. I have Ad-Aware, and I ran my Panda program, and no files were caught. Thank you for your time.


#2 Raktor (Teacher Emeritus, 3,114 posts)

Posted 12 October 2009 - 07:26 PM


Hi, welcome to the WTT Forums. My username is Raktor, and I would be glad to help you with your malware issues. I'd be grateful if you would note the following:

  • Absence of symptoms does not always mean the computer is clean
  • Please do not run any scans or fixes without my direction.
  • Finally, stay with this topic until I give you the final 'All clear' post.

1) DDS
Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

2) RR
Please download RootRepeal.zip.
Save it to your Desktop. Alternate download links here or here.
Please print these instructions; you will not have an Internet connection!
If you have a third-party "unzipping" program, use it to open the zipped file, then skip to Step 5. Otherwise:
  • Right click on RootRepeal.zip and select "Extract All"....
  • Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  • Click on the Browse...button, then click on Desktop, then click OK.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Before running RootRepeal:
    • Disconnect from the Internet as your system will be unprotected while using this tool.
      Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
  • Open the RootRepeal folder and double-click on RootRepeal.exe to launch it.
  • When the program opens, click the Report tab at the bottom, then click the Scan button.
  • In the Select Scan dialog, which asks What do you want to include in the scan?, check ALL the boxes.
  • Click OK.
  • In the Select Drives dialog (Please select drives to scan:), select all drives showing, then click OK.
    The scan can take some time to finish. Do not use the computer while the scan is running.
    When the scan has completed, a list of files will be generated in the RootRepeal window.
  • Click on the Save Report button and save it as "rootrepeal.txt" to your desktop.
  • Close and exit RootRepeal
  • Double-click on the file rootrepeal.txt... Notepad will open... copy/paste the file contents in your next reply.

Make sure to enable your anti-virus, Firewall and any other security programs you disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".

3) What You Will Need To Post:
  • DDS logs
  • RR log

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#3 machisono (New Member, 7 posts)

Posted 13 October 2009 - 12:42 AM

Aloha Raktor, here are the logs:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Joe at 16:02:28.60 on Mon 10/12/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.kauaibeachrentals.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [LDM] "c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe"
uRun: [calc] "rundll32.exe" c:\docume~1\locals~1\ntuser.dll,_IWMPEvents@0
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [JMB36X Configure] "c:\windows\system32\JMRaidTool.exe" boot
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [Cleanup] "c:\program files\complete cleanup\compind.bat"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus + firewall 2008\APVXDWIN.EXE" /s
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunServices: [Cleanup] "c:\program files\complete cleanup\compind.bat"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?e219305faa7042e1b116a3c4570a71f3
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?e219305faa7042e1b116a3c4570a71f3
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\panda security\panda antivirus + firewall 2008\pavlsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158470061578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158609863000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.32.21/ttinst.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joe\applic~1\mozilla\firefox\profiles\ux0htms7.default\
FF - component: c:\documents and settings\joe\application data\mozilla\firefox\profiles\ux0htms7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-12 12:20 775,168 a------- c:\windows\isRS-000.tmp
2009-10-12 12:20 1,563,008 a------- c:\windows\WRSetup.dll
2009-10-12 12:20 <DIR> --d----- c:\docume~1\joe\applic~1\Webroot
2009-10-12 12:20 <DIR> --d----- c:\program files\Webroot
2009-10-12 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-10-12 08:21 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-10-12 00:02 <DIR> --d----- C:\9dfddd438a0e0976f6dfd7342a39
2009-10-12 00:02 <DIR> --d----- C:\e428179bf115bdf1fb5c653fc3
2009-10-10 06:33 <DIR> --d----- c:\program files\common files\xing shared
2009-10-05 19:46 <DIR> --d----- c:\docume~1\joe\applic~1\iPodifier
2009-10-05 17:12 <DIR> --d----- c:\program files\ConvertHelper
2009-10-05 16:55 <DIR> --d----- c:\program files\iPodifier
2009-10-02 09:35 <DIR> --d----- c:\program files\CCleaner
2009-09-30 12:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-10-12 12:31 403,552 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-10-12 12:31 403,552 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-10-12 12:31 1,264 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-10-12 12:31 1,264 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-04 23:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 09:01 58,880 a------- c:\windows\system32\atl.dll
2009-01-10 12:52 65 a------- c:\program files\common files\appop.log
2008-06-09 21:50 87,608 a------- c:\docume~1\joe\applic~1\inst.exe
2008-06-09 21:50 47,360 a------- c:\docume~1\joe\applic~1\pcouffin.sys
2007-11-06 05:32 56,912 a------- c:\documents and settings\joe\g2mdlhlpx.exe
2006-06-22 20:48 32,768 ac---r-- c:\windows\inf\UpdateUSB.exe
2006-09-30 12:52 32 ac-sh--- c:\windows\{7B58CE0A-D41A-4C97-A444-0D6BFB2997D6}.dat
2006-09-30 14:39 5 ac-sh--- c:\windows\system32\beaafadcc_s.dll
2006-05-02 23:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 00:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2006-09-30 12:52 32 ac-sh--- c:\windows\system32\{ADAE1D18-A97F-447A-92F2-2A4AE0A38F21}.dat

============= FINISH: 16:32:12.79 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 17:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: av5flt.sys
Image Path: C:\WINDOWS\system32\drivers\av5flt.sys
Address: 0xB47C2000 Size: 92544 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB685F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE30000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PavSRK.sys
Image Path: C:\WINDOWS\system32\PavSRK.sys
Address: 0xB6CFC000 Size: 32768 File Visible: No Signed: -
Status: -

Name: PavTPK.sys
Image Path: C:\WINDOWS\system32\PavTPK.sys
Address: 0xB9C38000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0AA6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Joe\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\Panda Antivirus + Firewall 2008\TEMP\pavsig.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

Path: F:\Azureus Downloads\The.Tiger.And.The.Snow.2005.Swesub.DVDRip.Xvid-monica112\THETIG~1.MOV:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a7f4688

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x8a7c6d10

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8a7f4bb0

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x8a7f4b38

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a7f4958

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x8a7f50a8

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x8a7f4c28

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x8a7f4700

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a7f4598

#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8a7f4d90

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a7f47f0

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x8a7f4d18

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a7f4a48

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a7f4868

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x8a7f4ca0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a7f49d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a7f4778

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb4c0ea70

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb4c0de40

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a7f4610

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x8a550158 Size: 3753

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a552020 Size: 200

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x8a551020 Size: 4064

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x8a559020 Size: 424

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x8a558020 Size: 4064

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a557020 Size: 1393

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a556020 Size: 4064

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a555020 Size: 4064

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x8a554020 Size: 4064

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a56b020 Size: 2421

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a563020 Size: 1341

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a685b80 Size: 642

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a5279e0 Size: 1569

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a522de8 Size: 537

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5c9d78 Size: 648

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5c8ed0 Size: 306

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a5c2378 Size: 558

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a5c0f18 Size: 232

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x8a5c0ac0 Size: 1344

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a5cb290 Size: 1716

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a5cbbc0 Size: 1089

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a5c9b00 Size: 1280

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x8a5c96a8 Size: 2392

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5c8798 Size: 2154

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a5c7f80 Size: 129

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a5c77b0 Size: 810

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a6ac020 Size: 750

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x8a6c4020 Size: 482

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8996f618

#: 343 Function Name: NtUserCreateWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb4c0ee50

#: 355 Function Name: NtUserDestroyWindow
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb4c0f030

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x899dfab8

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8a6f3fa8

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x8a6f3f30

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x89a1a660

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8992dfa8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8992df30

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x8a542140

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x898ddd30

==EOF==

Attached Files
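The two logs above contain the indicators a helper looks for before choosing a fix: autorun entries that launch a DLL through rundll32 from a user profile, files RootRepeal reports as invisible to the Windows API, SSDT entries hooked by no identifiable driver, and hidden code in the Tcpip driver's IRP dispatch table. The Python script below is an added example written for this page; it is not part of DDS, RootRepeal or the forum's procedure. It parses a constructed subset of the lines posted above (copied from the two logs), cross-references RootRepeal's hidden-file list with the rundll32 autoruns in the DDS output, and reports what matches. The line patterns and the heuristics are the example's own assumptions about the log formats, not documented output grammars of either tool.

```python
"""Triage helper for the DDS and RootRepeal logs posted in this thread.

Added example, not part of DDS, RootRepeal or the forum's procedure. The line
patterns below are assumptions derived from the log excerpts on this page,
not documented output grammars of either tool.
"""
import re
from collections import Counter

# Sample input: a constructed subset of lines copied from the logs posted above.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [calc] "rundll32.exe" c:\docume~1\locals~1\ntuser.dll,_IWMPEvents@0
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
"""

SAMPLE_ROOTREPEAL = r"""
Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\LocalService\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\Panda Antivirus + Firewall 2008\TEMP\pavsig.txt
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8a7f4bb0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb4c0ea70

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x8a550158 Size: 3753

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x8a558020 Size: 4064
"""

# DDS pseudo-HJT autorun line: "<hive>Run: [<value name>] <command>"
RUN_RE = re.compile(r'^(?P<hive>[umd]Run(?:Services)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# rundll32 invocation; the DLL may be quoted if its path has spaces, the export follows a comma.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+)(?:,(?P<export>\S+))?', re.I)
HOOK_RE = re.compile(r'^#: \d+ Function Name: (?P<fn>\w+)$')
HOOKED_BY_RE = re.compile(r'^Status: Hooked by "(?P<owner>[^"]*)" at address (?P<addr>0x[0-9a-f]+)$', re.I)
STEALTH_RE = re.compile(r'^Object: Hidden Code \[Driver: (?P<drv>\w+), (?P<irp>IRP_MJ_\w+)\]$')
USER_PROFILE_RE = re.compile(r'\\docume~1\\|\\documents and settings\\', re.I)


def parse_rootrepeal(text):
    """Collect hidden files, SSDT hooks with no owning driver, and stealth-object counts per driver."""
    hidden, unknown_hooks, stealth = [], [], Counter()
    pending = None  # the 'Path:' or '#:' line whose 'Status:' line has not been seen yet
    for raw in text.splitlines():
        line = raw.strip()
        hook = HOOK_RE.match(line)
        obj = STEALTH_RE.match(line)
        if line.startswith('Path: '):
            pending = ('path', line[len('Path: '):])
        elif hook:
            pending = ('hook', hook.group('fn'))
        elif obj:
            stealth[obj.group('drv')] += 1
        elif line.startswith('Status: ') and pending:
            kind, what = pending
            if kind == 'path' and 'Invisible to the Windows API' in line:
                hidden.append(what)
            elif kind == 'hook':
                owner = HOOKED_BY_RE.match(line)
                if owner and owner.group('owner') == '<unknown>':
                    unknown_hooks.append(what)
            pending = None
    return {'hidden': hidden, 'unknown_hooks': unknown_hooks, 'stealth': stealth}


def basename(path):
    """Lower-cased file name of a Windows path, quotes stripped."""
    return path.strip('"').replace('/', '\\').rsplit('\\', 1)[-1].lower()


def triage(dds_text, rr_text):
    """Return a list of findings, each a dict with kind, item and reason."""
    rr = parse_rootrepeal(rr_text)
    hidden_names = {basename(p) for p in rr['hidden']}
    findings = []
    for raw in dds_text.splitlines():
        run = RUN_RE.match(raw.strip())
        if not run:
            continue
        call = RUNDLL_RE.search(run.group('cmd'))
        if not call:
            continue  # only rundll32-launched DLLs are examined by this example
        dll = call.group('dll').strip('"')
        reasons = []
        if USER_PROFILE_RE.search(dll):
            reasons.append('DLL loaded from a user profile')
        if basename(dll) in hidden_names:
            reasons.append('DLL is hidden from the Windows API per RootRepeal')
        if reasons:
            item = f"{run.group('hive')} [{run.group('name')}] {dll}"
            findings.append({'kind': 'autorun', 'item': item, 'reason': '; '.join(reasons)})
    if rr['unknown_hooks']:
        findings.append({'kind': 'ssdt', 'item': ', '.join(rr['unknown_hooks']),
                         'reason': 'hooked by no identifiable driver'})
    for drv, n in sorted(rr['stealth'].items()):
        findings.append({'kind': 'stealth', 'item': drv,
                         'reason': f'{n} IRP dispatch entries point at hidden code'})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS, SAMPLE_ROOTREPEAL):
        print(f"[{f['kind']}] {f['item']}: {f['reason']}")
```

On the sample above the script flags the two [calc] autoruns (ntuser.dll loaded from the LocalService profile, and calc.dll in system32, both hidden per RootRepeal), the NtCreateProcess hook owned by no visible driver, and the Tcpip stealth entries; the PavProc.sys hooks are attributed to the installed Panda product and are left alone. The correlation step matters more than any single pattern: a hidden file that is also an autorun target is a much stronger signal than either observation on its own.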



#4 Raktor (Teacher Emeritus, 3,114 posts)

Posted 13 October 2009 - 12:45 AM

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

Please download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts. Close all browsers/windows first.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix message not reproduced]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#5 machisono (New Member, 7 posts)

Posted 13 October 2009 - 06:46 AM

Raktor, of note: the Recovery Console did not install; the pop-up window never appeared.

ComboFix 09-10-12.03 - Joe 10/12/2009 21:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1383 [GMT -10:00]
Running from: G:\ComboFix.exe
AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Antivirus 2008 Personal Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
FW: Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Joe\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Joe\Application Data\inst.exe
c:\documents and settings\Joe\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Joe\ntuser.dll
c:\documents and settings\Joe\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Joe\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\LocalService\ntuser.dll
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\Installer\136ba.msi
c:\windows\Installer\15b3a.msi
c:\windows\Installer\1d83c75.msp
c:\windows\Installer\1d83c76.msp
c:\windows\Installer\1d83c77.msp
c:\windows\Installer\1d83c78.msp
c:\windows\Installer\1d83c79.msp
c:\windows\Installer\1d83c7a.msp
c:\windows\Installer\1d83c7b.msp
c:\windows\Installer\1d83c7c.msp
c:\windows\Installer\1d83c7d.msp
c:\windows\Installer\23bb57.msp
c:\windows\Installer\23bb58.msp
c:\windows\Installer\23bb59.msp
c:\windows\Installer\23bb5a.msp
c:\windows\Installer\23bb5b.msp
c:\windows\Installer\23bb5c.msp
c:\windows\Installer\23bb5d.msp
c:\windows\Installer\23bb5e.msp
c:\windows\Installer\23bb5f.msp
c:\windows\Installer\23ff1b7.msp
c:\windows\Installer\23ff1b8.msp
c:\windows\Installer\23ff1b9.msp
c:\windows\Installer\23ff1ba.msp
c:\windows\Installer\23ff1bb.msp
c:\windows\Installer\23ff1bc.msp
c:\windows\Installer\23ff1bd.msp
c:\windows\Installer\23ff1be.msp
c:\windows\Installer\23ff1bf.msp
c:\windows\Installer\284a5d9.msp
c:\windows\Installer\284a5da.msp
c:\windows\Installer\284a5db.msp
c:\windows\Installer\284a5dc.msp
c:\windows\Installer\284a5dd.msp
c:\windows\Installer\284a5de.msp
c:\windows\Installer\284a5df.msp
c:\windows\Installer\284a5e0.msp
c:\windows\Installer\284a5e1.msp
c:\windows\Installer\293fbef.msp
c:\windows\Installer\293fbf0.msp
c:\windows\Installer\293fbf1.msp
c:\windows\Installer\293fbf2.msp
c:\windows\Installer\293fbf3.msp
c:\windows\Installer\293fbf4.msp
c:\windows\Installer\293fbf5.msp
c:\windows\Installer\293fbf6.msp
c:\windows\Installer\293fbf7.msp
c:\windows\Installer\2a00ef.msp
c:\windows\Installer\2cae7c0.msp
c:\windows\Installer\2cae7c1.msp
c:\windows\Installer\2cae7c2.msp
c:\windows\Installer\2cae7c3.msp
c:\windows\Installer\2cae7c4.msp
c:\windows\Installer\2cae7c5.msp
c:\windows\Installer\2cae7c6.msp
c:\windows\Installer\2cae7c7.msp
c:\windows\Installer\2cae7c8.msp
c:\windows\Installer\2d71ea.msp
c:\windows\Installer\2d71eb.msp
c:\windows\Installer\2d71ec.msp
c:\windows\Installer\2d71ed.msp
c:\windows\Installer\2d71ee.msp
c:\windows\Installer\2d71ef.msp
c:\windows\Installer\2d71f0.msp
c:\windows\Installer\2d71f1.msp
c:\windows\Installer\2d71f2.msp
c:\windows\Installer\2d75c69.msp
c:\windows\Installer\2d75c6a.msp
c:\windows\Installer\2d75c6b.msp
c:\windows\Installer\2d75c6c.msp
c:\windows\Installer\2d75c6d.msp
c:\windows\Installer\2d75c6e.msp
c:\windows\Installer\2d75c6f.msp
c:\windows\Installer\2d75c70.msp
c:\windows\Installer\2d75c71.msp
c:\windows\Installer\2d90f1a.msp
c:\windows\Installer\2d90f1b.msp
c:\windows\Installer\2d90f1c.msp
c:\windows\Installer\2d90f1d.msp
c:\windows\Installer\2d90f1e.msp
c:\windows\Installer\2d90f1f.msp
c:\windows\Installer\2d90f20.msp
c:\windows\Installer\2d90f21.msp
c:\windows\Installer\2d90f22.msp
c:\windows\Installer\2d92ddd.msp
c:\windows\Installer\2d92dde.msp
c:\windows\Installer\2d92ddf.msp
c:\windows\Installer\2d92de0.msp
c:\windows\Installer\2d92de1.msp
c:\windows\Installer\2d92de2.msp
c:\windows\Installer\2d92de3.msp
c:\windows\Installer\2d92de4.msp
c:\windows\Installer\2d92de5.msp
c:\windows\Installer\2e1468e.msp
c:\windows\Installer\2e6382e.msp
c:\windows\Installer\2e6382f.msp
c:\windows\Installer\2e63830.msp
c:\windows\Installer\2e63831.msp
c:\windows\Installer\2e63832.msp
c:\windows\system32\bszip.dll
c:\windows\system32\calc.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-12 22:20 . 2009-10-12 22:20 -------- d-----w- c:\documents and settings\Joe\Application Data\Webroot
2009-10-12 22:20 . 2009-05-14 01:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-10-12 22:20 . 2009-10-12 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-10-12 22:20 . 2009-10-12 22:20 -------- d-----w- c:\program files\Webroot
2009-10-12 18:21 . 2008-06-20 03:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-12 10:02 . 2009-10-12 10:02 -------- d-----w- C:\9dfddd438a0e0976f6dfd7342a39
2009-10-12 10:02 . 2009-10-12 10:02 -------- d-----w- C:\e428179bf115bdf1fb5c653fc3
2009-10-10 16:45 . 2009-10-10 16:45 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Temp
2009-10-10 16:45 . 2009-10-10 16:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-10 16:34 . 2009-10-10 16:34 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Real
2009-10-10 16:33 . 2009-10-10 16:33 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-10 16:31 . 2009-10-10 16:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-06 05:46 . 2009-10-06 05:46 -------- d-----w- c:\documents and settings\Joe\Application Data\iPodifier
2009-10-06 03:12 . 2009-10-06 03:12 -------- d-----w- c:\program files\ConvertHelper
2009-10-06 02:56 . 2009-10-10 02:03 -------- d-----w- c:\documents and settings\Joe\Application Data\vlc
2009-10-06 02:55 . 2009-10-06 02:55 -------- d-----w- c:\program files\iPodifier
2009-10-04 18:08 . 2009-10-04 18:13 -------- d-----w- c:\documents and settings\machisono\Application Data\Apple Computer
2009-10-04 18:03 . 2009-10-04 18:03 -------- d-----w- c:\documents and settings\machisono\Local Settings\Application Data\IsolatedStorage
2009-10-04 18:03 . 2009-10-04 18:03 -------- d-----w- c:\documents and settings\machisono\Local Settings\Application Data\Intuit
2009-10-04 18:01 . 2009-10-04 18:02 -------- d-----w- c:\documents and settings\machisono\Local Settings\Application Data\Microsoft
2009-10-04 18:01 . 2009-10-04 18:01 -------- d-----w- c:\documents and settings\machisono
2009-10-02 19:35 . 2009-10-02 19:35 -------- d-----w- c:\program files\CCleaner
2009-09-30 22:29 . 2009-09-30 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 12:26 . 2009-05-02 05:23 1264 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-10-13 12:26 . 2009-05-02 05:10 408488 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-10-13 12:26 . 2009-05-02 05:10 408488 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-10-13 12:26 . 2008-02-13 20:17 1264 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-10-12 18:20 . 2008-02-13 20:17 -------- d-----w- c:\program files\Panda Security
2009-10-12 18:09 . 2007-04-23 20:06 -------- d-----w- c:\program files\RezStream
2009-10-10 22:16 . 2009-03-03 05:41 -------- d-----w- c:\program files\iTunes
2009-10-10 22:14 . 2007-07-04 20:38 -------- d-----w- c:\program files\Common Files\Apple
2009-10-10 22:05 . 2007-01-02 00:11 -------- d-----w- c:\program files\QuickTime
2009-10-10 16:34 . 2007-04-10 14:35 -------- d-----w- c:\program files\Common Files\Real
2009-10-10 16:31 . 2006-11-13 02:22 -------- d-----w- c:\program files\Google
2009-10-08 02:38 . 2006-10-02 03:09 -------- d-----w- c:\program files\Azureus
2009-10-08 02:38 . 2006-10-02 03:09 -------- d-----w- c:\documents and settings\Joe\Application Data\Azureus
2009-10-04 18:02 . 2009-10-04 18:02 78464 ----a-w- c:\documents and settings\machisono\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-04 18:02 . 2009-10-04 18:02 132 ----a-w- c:\documents and settings\machisono\Local Settings\Application Data\fusioncache.dat
2009-10-03 19:53 . 2006-09-17 03:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 19:52 . 2009-01-04 23:15 -------- d-----w- c:\program files\Trellian
2009-10-03 19:24 . 2006-10-02 03:12 -------- d-----w- c:\program files\LimeWire
2009-10-01 13:33 . 2007-01-02 00:12 -------- d-----w- c:\documents and settings\Joe\Application Data\Apple Computer
2009-09-30 22:29 . 2009-03-03 05:41 -------- d-----w- c:\program files\iPod
2009-09-10 16:55 . 2008-08-12 03:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 05:42 . 2009-05-02 16:15 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 05:42 . 2008-10-11 04:13 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-01-10 22:52 . 2008-04-19 21:23 65 ----a-w- c:\program files\Common Files\appop.log
2006-09-30 22:52 . 2006-09-30 22:52 32 -csha-w- c:\windows\{7B58CE0A-D41A-4C97-A444-0D6BFB2997D6}.dat
2006-10-01 00:39 . 2006-10-01 00:39 5 -csha-w- c:\windows\system32\beaafadcc_s.dll
2006-05-03 09:06 . 2009-01-01 22:35 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-01-01 22:35 31232 --sh--r- c:\windows\system32\msfDX.dll
2006-09-30 22:52 . 2006-09-30 22:52 32 -csha-w- c:\windows\system32\{ADAE1D18-A97F-447A-92F2-2A4AE0A38F21}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-03 36864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-05 437008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-10-05 455984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-22 305440]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-26 2178832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-14 177440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-17 181544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-14 6345840]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-1 113664]
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2006-9-16 987136]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-4-19 270336]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-3-3 196608]
QuickBooks Database Server Manager.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe [2006-12-26 140832]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-12-26 972320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-16 05:02 50736 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NISUM"=2 (0x2)
"ccPxySvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [1/10/2009 12:51 PM 38784]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/12/2009 8:21 AM 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2/13/2008 10:17 AM 71608]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2/13/2008 10:17 AM 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2/13/2008 10:17 AM 21816]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2/13/2008 10:17 AM 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2/13/2008 10:17 AM 132664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2/13/2008 10:15 AM 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2/13/2008 10:17 AM 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2/13/2008 10:17 AM 30648]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2/13/2008 10:17 AM 24760]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2/13/2008 10:15 AM 178872]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [10/12/2009 12:20 PM 1205760]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2/13/2008 10:17 AM 143160]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [9/16/2006 5:47 PM 176128]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [9/16/2006 5:47 PM 13532]
S2 gupdate1ca49c726445554;Google Update Service (gupdate1ca49c726445554);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 6:31 AM 133104]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [1/10/2009 12:51 PM 116224]
S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\drivers\netimflt.sys [2/13/2008 10:17 AM 143160]
S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\SRS_ViewSonic_i386.sys [2/18/2009 6:37 PM 37504]

--- Other Services/Drivers In Memory ---

*Deregistered* - udffsrec
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 22:34]

2009-10-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 21:20]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 16:31]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 16:31]

2009-10-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 08:18]

2009-10-12 c:\windows\Tasks\wrSpySweeper_L2170FCC17A0546959B12FBE850229F3C.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-10-12 01:40]

2009-10-12 c:\windows\Tasks\wrSpySweeper_L2170FCC17A0546959B12FBE850229F3C.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-10-12 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kauaibeachrentals.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e219305faa7042e1b116a3c4570a71f3
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e219305faa7042e1b116a3c4570a71f3
LSP: c:\program files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\ux0htms7.default\
FF - component: c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\ux0htms7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 02:23
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(8212)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PAVSRV51.EXE
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrlS.exe
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\FIREWALL\PSHost.exe
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Panda Security\Panda Antivirus + Firewall 2008\WEBPROXY.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-13 2:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 12:37

Pre-Run: 266,128,039,936 bytes free
Post-Run: 265,767,608,320 bytes free

847 --- E O F --- 2009-10-12 12:39

#6 Raktor

Posted 14 October 2009 - 03:38 PM

1) MBAM
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed and that they have been added to the delete-on-reboot list, please reboot.

2) ESET
You can use either Internet Explorer or Mozilla Firefox for this scan.

  • Please go here, then click on the button shown.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on the button shown.
  • When prompted, allow the Add-On/ActiveX control to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the button shown.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on the button shown.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

3) What You Will Need To Post:
  • MBAM log
  • ESET log

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#7 machisono

Posted 14 October 2009 - 09:23 PM

Hi Raktor, I ran the Malwarebytes scan; it found 2 infections and I removed them. I saved the log to the desktop and then proceeded with the ESET scan, but after allowing the ActiveX control to install, the program would not install. I then started having problems with the computer: now when I try to start up, XP starts and then a screen comes up that says "detecting drives". This screen stays up for 30-60 seconds, then it goes blank and only the arrow appears on the screen. Any thoughts would be helpful.

#8 Raktor

Posted 15 October 2009 - 06:10 PM

Is it possible to boot into safe mode?

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

#9 machisono

Posted 17 October 2009 - 12:17 AM

Malwarebytes' Anti-Malware 1.41
Database version: 2963
Windows 5.1.2600 Service Pack 3

10/14/2009 1:13:59 PM
mbam-log-2009-10-14 (13-13-59).txt

Scan type: Quick Scan
Objects scanned: 119478
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Joe\Desktop\Setup.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

The ESET log read: win32/daonol.g trojan, win32spy/zbotIB trojan. Sorry, I couldn't find where I saved it... or it did not save.

#10 Raktor

Posted 17 October 2009 - 10:00 PM

One more log just to make sure then.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

#11 machisono

Posted 18 October 2009 - 11:25 AM

OTL logfile created on: 10/18/2009 7:16:40 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.23% Memory free
3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 247.01 Gb Free Space | 82.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 485.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 372.60 Gb Total Space | 237.73 Gb Free Space | 63.80% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SYLVESTE-EACB35
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ( )
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (Panda Software)
PRC - C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE (Panda Software International)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE (Panda Software International)
PRC - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE (Panda Software International)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe (Panda Software International)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe (Panda Software International)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe (Panda Software International)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimsvc.exe (Panda Software International)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe (Panda Software International)
PRC - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe (Panda Security International)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (gupdate1ca49c726445554 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LVCOMSer [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Panda Software Controller [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe (Panda Software International)
SRV - (PAVFNSVR [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe (Panda Software International)
SRV - (PavPrSrv [Auto | Running]) -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (Panda Software)
SRV - (PAVSRV [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe (Panda Software International)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PSHost [Auto | Running]) -- c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE (Panda Software International)
SRV - (PSIMSVC [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimsvc.exe (Panda Software International)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ( )
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QuickBooksDB17 [Auto | Running]) -- C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
SRV - (TPSrv [Auto | Running]) -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe (Panda Software International)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

========== Driver Services (SafeList) ==========

DRV - (ADIDTSFiltService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (APPFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\APPFLT.SYS (Panda Software)
DRV - (AvFlt [On_Demand | Running]) -- File not found
DRV - (CDRPDACC [Auto | Running]) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS (Arrowkey)
DRV - (cpoint [Auto | Running]) -- C:\WINDOWS\System32\drivers\cpoint.sys (Panda Software)
DRV - (dot4ufd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hppaufd0.sys (HP)
DRV - (DSAFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\DSAFLT.SYS (Panda Software International)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (FNETMON [System | Running]) -- C:\WINDOWS\System32\Drivers\fnetmon.SYS (Panda Software)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (IDSFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\IDSFLT.SYS (Panda Software International)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (ivicd [Boot | Running]) -- C:\WINDOWS\system32\drivers\ivicd.sys (InterVideo)
DRV - (iviudf [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\IviUdf.sys (InterVideo)
DRV - (JGOGO [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (JRAID [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (lvpopflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys ()
DRV - (lvselsus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvselsus.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (NETFLTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\NETFLTDI.SYS (Panda Software)
DRV - (NETIMFLT [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\netimflt.sys (Panda Software)
DRV - (NETIMFLT01050097 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\netimflt.sys (Panda Software)
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PAVDRV [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\pavdrv51.sys (Panda Software International)
DRV - (PavProc [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\PavProc.sys (Panda Software International)
DRV - (PavSRK.sys [On_Demand | Running]) -- File not found
DRV - (PavTPK.sys [On_Demand | Running]) -- File not found
DRV - (Pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ShldDrv [System | Running]) -- C:\WINDOWS\System32\Drivers\ShlDrv51.sys (Panda Software)
DRV - (SMSFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\SMSFLT.SYS (Panda Software International)
DRV - (SRS_ViewSonic [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\srs_ViewSonic_i386.sys ()
DRV - (ssfs0bbc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SymEvent [On_Demand | Stopped]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (WNMFLT [System | Running]) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS (Panda Software International)
DRV - (yukonwxp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kauaibeachrentals.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20090917Wb1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/10 19:47:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/10 12:06:37 | 00,000,000 | ---D | M]

[2008/08/28 20:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions
[2008/08/28 20:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/16 17:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\ux0htms7.default\extensions
[2009/10/05 19:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\ux0htms7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/02 09:49:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\ux0htms7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/05 17:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\ux0htms7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/16 17:17:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/13 07:48:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/07 14:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/04/19 11:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2007/11/28 18:20:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla(2).org
[2009/09/13 07:48:34 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 07:48:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/13 07:48:36 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/10 06:34:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/10/10 12:06:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/10 12:06:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/10 12:06:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/10 12:06:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/10 12:06:36 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/10 12:06:36 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/10 12:06:36 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/10/10 06:34:09 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/10/10 06:33:56 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/05 05:36:57 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/05 05:36:57 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/05 05:36:57 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/05 05:36:57 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/05 05:36:57 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/05 05:36:57 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/05 05:36:57 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavlsp.dll (Panda Software International)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1158470061578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1158609863000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software International)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/16 17:04:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[13 C:\WINDOWS\*.tmp files]
[2009/09/30 12:29:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/05 19:45:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/10/14 13:03:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/10 06:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/12 12:20:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2009/10/05 19:46:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\iPodifier
[2009/10/14 13:03:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Malwarebytes
[2009/10/05 16:56:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\vlc
[2009/10/12 12:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Webroot
[2009/10/14 07:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\PCHealth
[2009/10/10 06:34:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Real
[2009/10/10 06:45:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Temp
[3 C:\Documents and Settings\Joe\My Documents\*.tmp files]
[2009/10/10 06:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/02 09:35:48 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/05 17:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2009/10/05 16:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPodifier
[2009/10/14 13:03:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 10:22:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/12 12:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/10/18 07:15:11 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/16 20:15:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/16 10:43:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/16 00:13:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2009/10/16 00:13:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cookies
[2009/10/16 00:13:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2009/10/16 00:13:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\History
[2009/10/14 13:03:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/14 13:03:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/14 13:02:28 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/10/12 21:35:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/12 21:35:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/12 21:35:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/12 21:35:20 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/12 21:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/12 21:34:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/12 12:20:04 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/10/12 08:21:35 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/10/12 00:02:05 | 00,000,000 | ---D | C] -- C:\9dfddd438a0e0976f6dfd7342a39
[2009/10/12 00:02:01 | 00,000,000 | ---D | C] -- C:\e428179bf115bdf1fb5c653fc3
[2009/10/10 11:54:39 | 93,074,728 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Joe\Desktop\iTunesSetup.exe
[2009/10/10 06:36:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\My Documents\Downloads
[2009/10/10 06:34:00 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/10 06:33:53 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/10 06:33:53 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/05 17:12:21 | 03,782,822 | ---- | C] (DownloadHelper ) -- C:\Documents and Settings\Joe\Desktop\ConvertHelperSetup.exe
[2009/10/05 16:54:35 | 09,211,285 | ---- | C] (InstallShield Software Corporation ) -- C:\Documents and Settings\Joe\Desktop\iPodifierv1_50_0_4.exe
[2009/10/02 09:34:51 | 03,309,072 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Joe\Desktop\ccsetup224.exe
[2008/06/09 21:41:30 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Joe\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[39 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Joe\My Documents\*.tmp files]
[2009/10/18 07:15:20 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/10/18 07:13:53 | 00,260,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2009/10/18 07:13:53 | 00,260,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2009/10/18 07:13:53 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2009/10/18 07:13:53 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2009/10/18 07:10:13 | 00,419,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2009/10/18 07:10:13 | 00,419,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2009/10/18 07:10:13 | 00,001,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2009/10/18 07:10:13 | 00,001,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2009/10/18 07:10:13 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2009/10/18 07:10:13 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2009/10/18 07:10:13 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2009/10/18 07:10:13 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2009/10/18 07:10:13 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2009/10/18 07:10:13 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2009/10/18 07:10:13 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck
[2009/10/18 07:10:13 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg
[2009/10/18 07:08:49 | 00,063,084 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/18 07:08:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 07:08:37 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/18 07:07:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 07:06:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/17 16:45:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/17 16:24:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/16 21:27:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/16 21:01:31 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/16 17:46:08 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/16 17:14:21 | 02,664,072 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\esetsmartinstaller_enu.exe
[2009/10/16 10:41:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/16 10:22:43 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
[2009/10/14 13:03:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 13:02:54 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joe\Desktop\mbam-setup.exe
[2009/10/14 11:21:44 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\Aloha and Welcome to our refuge here in Poipu Beach.doc
[2009/10/14 11:20:46 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Microsoft Office Word 2003 (2).lnk
[2009/10/14 10:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/14 07:41:36 | 00,008,051 | ---- | M] () -- C:\WINDOWS\ccscan4.ini
[2009/10/13 13:18:54 | 00,555,820 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/13 13:18:54 | 00,480,312 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/13 13:18:54 | 00,086,858 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/13 13:12:08 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/13 07:41:19 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Microsoft Office Outlook 2003.lnk
[2009/10/13 02:40:08 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Windows Explorer.lnk
[2009/10/12 21:31:20 | 00,000,286 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to ComboFix.lnk
[2009/10/12 20:28:21 | 00,002,767 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Attach.zip
[2009/10/12 20:10:09 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/12 17:09:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\settings.dat
[2009/10/12 16:57:13 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to RootRepeal.lnk
[2009/10/12 16:01:12 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to dds.lnk
[2009/10/12 12:20:42 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/10/12 12:15:11 | 00,000,295 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to uhssp610128.lnk
[2009/10/12 08:20:33 | 00,177,240 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\activescan2_en.exe
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 12:16:47 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/10 12:05:23 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/10 11:57:18 | 93,074,728 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Joe\Desktop\iTunesSetup.exe
[2009/10/10 06:34:06 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/10 06:34:00 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/10 06:33:53 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/10 06:33:53 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/10 06:33:36 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/05 17:12:34 | 03,782,822 | ---- | M] (DownloadHelper ) -- C:\Documents and Settings\Joe\Desktop\ConvertHelperSetup.exe
[2009/10/05 16:55:37 | 00,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iPodifier.lnk
[2009/10/05 16:54:49 | 09,211,285 | ---- | M] (InstallShield Software Corporation ) -- C:\Documents and Settings\Joe\Desktop\iPodifierv1_50_0_4.exe
[2009/10/05 16:52:58 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/05 16:51:06 | 18,527,244 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\vlc-1.0.2-win32.exe
[2009/10/04 08:02:18 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/10/02 14:49:03 | 00,000,246 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\appleipod.bat
[2009/10/02 09:34:55 | 03,309,072 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Joe\Desktop\ccsetup224.exe
[2009/10/02 08:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/28 14:10:59 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\KBRtelephone record.xls
[2009/09/24 19:37:11 | 00,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/09/24 19:37:11 | 00,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/09/24 19:37:11 | 00,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/09/24 19:37:11 | 00,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/09/24 19:37:10 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/09/24 19:37:10 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/09/24 19:37:10 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
[2009/09/24 19:37:10 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/09/24 19:37:09 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/09/24 19:37:09 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/09/20 15:33:29 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\Hi Beverly changes.doc

========== Files - No Company Name ==========
[2009/10/16 17:13:54 | 02,664,072 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\esetsmartinstaller_enu.exe
[2009/10/16 10:22:43 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
[2009/10/14 13:03:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/13 22:08:11 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 21:35:20 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/12 21:35:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/12 21:35:20 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/12 21:35:20 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/12 21:31:20 | 00,000,286 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to ComboFix.lnk
[2009/10/12 20:28:21 | 00,002,767 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Attach.zip
[2009/10/12 17:09:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\settings.dat
[2009/10/12 16:57:13 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to RootRepeal.lnk
[2009/10/12 16:01:12 | 00,000,584 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to dds.lnk
[2009/10/12 12:20:42 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2009/10/12 12:15:11 | 00,000,295 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Shortcut to uhssp610128.lnk
[2009/10/12 08:20:33 | 00,177,240 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\activescan2_en.exe
[2009/10/10 12:05:23 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/10 06:40:30 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/10 06:40:30 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/10 06:34:06 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/10 06:31:55 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/05 16:55:37 | 00,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iPodifier.lnk
[2009/10/05 16:49:46 | 18,527,244 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\vlc-1.0.2-win32.exe
[2009/09/28 14:10:59 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\KBRtelephone record.xls
[2009/09/26 17:59:12 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\Aloha and Welcome to our refuge here in Poipu Beach.doc
[2009/09/20 07:54:32 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\Hi Beverly changes.doc
[2009/06/26 15:39:23 | 00,000,694 | ---- | C] () -- C:\WINDOWS\win.ini
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/02/18 18:37:44 | 00,037,504 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_ViewSonic_i386.sys
[2009/02/18 18:37:44 | 00,019,712 | R--- | C] () -- C:\WINDOWS\System32\drivers\GraphicEQ_opt_kern_i386.sys
[2009/01/10 12:51:54 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/10 12:51:54 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/10 12:51:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/10 12:51:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/10 12:51:54 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/10 12:51:54 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/01/10 12:51:24 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\udffsrec.sys
[2009/01/01 12:55:38 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2009/01/01 12:35:24 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2009/01/01 12:35:23 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/06/09 21:41:30 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\pcouffin.cat
[2008/06/09 21:41:30 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\pcouffin.inf
[2008/06/09 21:41:30 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\pcouffin.log
[2008/05/12 15:53:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/12 15:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/12 15:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/12 15:50:08 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/05/12 15:49:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/19 11:23:25 | 00,000,065 | ---- | C] () -- C:\Program Files\Common Files\appop.log
[2008/02/20 19:55:07 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/27 16:29:28 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/27 16:29:28 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/27 15:56:13 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/27 15:56:13 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/27 15:56:13 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/12/27 15:56:13 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/10/11 18:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/08/28 08:47:35 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/08/28 08:25:04 | 00,001,970 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/03 09:07:58 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/01/02 19:05:14 | 00,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/02 22:22:47 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/02 22:22:46 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/02 10:50:56 | 00,001,269 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/11/22 20:11:54 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
[2006/10/01 17:40:15 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/10/01 17:40:15 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/09/30 15:15:04 | 00,000,044 | ---- | C] () -- C:\WINDOWS\W9kenl42.dll
[2006/09/30 15:14:21 | 00,008,051 | ---- | C] () -- C:\WINDOWS\ccscan4.ini
[2006/09/30 14:39:43 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\beaafadcc_s.dll
[2006/09/30 13:59:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/16 21:57:56 | 00,078,464 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/09/16 18:16:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2006/09/16 18:14:26 | 00,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2006/09/16 18:14:26 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2006/09/16 17:27:54 | 00,024,285 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2006/09/16 17:26:08 | 00,023,885 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/09/16 17:26:07 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/09/16 17:26:04 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/09/16 17:24:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Joe\Application Data\desktop.ini
[2006/09/16 05:03:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/12/13 20:51:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/13 20:51:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/13 20:51:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/13 20:51:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/13 20:51:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/13 20:51:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/13 20:51:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 02:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/05/04 08:29:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 12:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/09/13 13:52:08 | 00,109,056 | ---- | C] () -- C:\WINDOWS\System32\reg.dll
[2001/07/31 03:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/04 13:25:00 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 00,000,478 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== LOP Check ==========

[2009/10/14 13:03:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/30 12:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 07:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/01 16:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/12/27 16:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2006/11/22 20:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2006/09/16 18:17:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/01/01 13:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/01/01 09:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/12/27 05:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/04/04 21:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/05/02 06:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/02/13 10:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2008/06/09 21:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/15 11:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/10/14 13:03:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Joe\Application Data
[2008/07/04 20:09:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\AVI ReComp
[2007/12/27 16:39:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\AVS4YOU
[2009/10/17 17:04:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Azureus
[2006/09/16 18:18:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\CyberLink
[2008/06/05 18:14:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\GeoVid
[2009/01/10 12:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\InterVideo
[2006/11/22 20:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Intuit
[2009/10/05 19:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\iPodifier
[2006/09/30 14:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Leadertech
[2009/01/01 12:58:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\LimeWire
[2007/01/02 19:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Red Chair Software
[2008/06/09 21:50:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Vso
[2009/10/14 10:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/10/17 16:24:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/18 07:08:37 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/17 16:45:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/18 07:07:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
< End of report >


OTL Extras logfile created on: 10/18/2009 7:16:57 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.23% Memory free
3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 247.01 Gb Free Space | 82.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 485.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 372.60 Gb Total Space | 237.73 Gb Free Space | 63.80% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SYLVESTE-EACB35
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSCRIP.EXE (Panda Software International)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSCRIP.EXE (Panda Software International)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSCRIP.EXE (Panda Software International)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSCRIP.EXE (Panda Software International)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSCRIP.EXE (Panda Software International)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PAVSCRIP.EXE (Panda Software International)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
jsefile [open] -- C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
vbsfile [open] -- C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
wsffile [open] -- C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
wshfile [open] -- C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
"{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{873D68B3-EDE5-4DFD-85AC-FFC430FB7EE2}" = Form Viewer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}" = InterVideo Launcher
"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{98032D6F-3EE6-4646-B68C-40BF012AC89B}" = Panda Antivirus + Firewall 2008
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D187FF17-89F8-455F-ACC4-E7A70746A2C2}" = Extensis Intellihance Pro 4.0
"{D4163F73-AAE4-4E4F-9E9E-70828C2ADB58}" = iPodifier
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F02CF4B0-05EC-4938-A8D2-F739AF3B4363}" = Microsoft IntelliType Pro 5.5
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AmoK DVD Shrinker" = AmoK DVD Shrinker 1.3
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"AVI ReComp" = AVI ReComp 1.4.3
"AviSynth" = AviSynth 2.5
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS VideotoGO_is1" = AVS Video to GO
"AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
"Azureus" = Azureus
"CCleaner" = CCleaner (remove only)
"Complete Cleanup_is1" = Complete Cleanup
"Crystal Player" = Crystal Player Professional 1.97
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD X Rescue" = DVD X Rescue
"dvdSanta 4.00 - Create Your Own DVD Movies!_is1" = dvdSanta 4.00
"DVDXCopyPlatinum" = DVDXCopy Platinum 3.2.1
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"Jack the CD Ripper_is1" = Jack the CD Ripper v2.0
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"LiveReg" = LiveReg (Symantec Corporation)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST6UNST #1" = FolderClone
"ST6UNST #2" = RezStream Professional 2007
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"VLC media player" = VLC media player 1.0.2
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP TCP/IP Repair_is1" = XP TCP/IP Repair
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2009 7:20:09 PM | Computer Name = SYLVESTE-EACB35 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 1' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup52E5.txt.

Error - 10/13/2009 7:20:09 PM | Computer Name = SYLVESTE-EACB35 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 2' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup52E5.txt.

Error - 10/13/2009 7:20:09 PM | Computer Name = SYLVESTE-EACB35 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework ASP .NET' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup52E5.txt.

Error - 10/13/2009 7:20:09 PM | Computer Name = SYLVESTE-EACB35 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework WinForms' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup52E5.txt.

Error - 10/14/2009 4:10:06 AM | Computer Name = SYLVESTE-EACB35 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/14/2009 4:17:52 PM | Computer Name = SYLVESTE-EACB35 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/16/2009 4:20:44 PM | Computer Name = SYLVESTE-EACB35 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/17/2009 3:27:55 AM | Computer Name = SYLVESTE-EACB35 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/17/2009 12:41:32 PM | Computer Name = SYLVESTE-EACB35 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/17/2009 11:20:50 PM | Computer Name = SYLVESTE-EACB35 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 10/13/2009 4:24:30 PM | Computer Name = SYLVESTE-EACB35 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 10/13/2009 7:09:07 PM | Computer Name = SYLVESTE-EACB35 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 10/13/2009 7:09:07 PM | Computer Name = SYLVESTE-EACB35 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 10/13/2009 7:20:47 PM | Computer Name = SYLVESTE-EACB35 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/13/2009 7:37:13 PM | Computer Name = SYLVESTE-EACB35 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TOSHIBA-USER that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1FD78618-6EEF-4. The master browser is stopping or an election is being
forced.

Error - 10/13/2009 8:49:16 PM | Computer Name = SYLVESTE-EACB35 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TOSHIBA-USER that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1FD78618-6EEF-4. The master browser is stopping or an election is being
forced.

Error - 10/13/2009 10:25:29 PM | Computer Name = SYLVESTE-EACB35 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TOSHIBA-USER that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1FD78618-6EEF-4. The master browser is stopping or an election is being
forced.

Error - 10/13/2009 11:25:33 PM | Computer Name = SYLVESTE-EACB35 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TOSHIBA-USER that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1FD78618-6EEF-4. The master browser is stopping or an election is being
forced.

Error - 10/17/2009 11:20:30 PM | Computer Name = SYLVESTE-EACB35 | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 10/17/2009 11:20:51 PM | Computer Name = SYLVESTE-EACB35 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 1 Security Update
for Windows 2000, Windows Server 2003, and Windows XP (KB953300).


< End of report >
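
The Shell Spawning, Security Center Settings and Authorized Applications sections of the OTL report above are the parts a helper reads first in a redirect case: a hijacked exefile/scrfile handler survives reboots and re-launches the loader with every program the user starts, a disabled firewall profile and silenced Security Center alerts are common side effects of an infection, and exceptions pointing at files that no longer exist are leftovers worth cleaning. The Python below is an added example, not part of this thread or of OTL: it parses those three sections and lists findings. The sample text is an abridged excerpt constructed from the log posted above, plus one constructed variant with a hijacked exefile handler whose path is hypothetical. The expected default handlers are the Windows XP defaults as assumed here; note that OTL prints "File not found" after `"%1" %*` because it cannot resolve the placeholder, so that suffix alone is not a hijack signal.

```python
"""Triage the Shell Spawning, Security Center Settings and Authorized
Applications sections of an OTL log.  Added example, not OTL's own code."""
import re

# Assumed Windows XP defaults for the classes malware most often hijacks.
# regfile [merge] and txtfile [edit] are left out on purpose: OTL routinely
# reports "Reg Error: Key error." for them, so they are not a reliable signal.
EXPECTED_HANDLERS = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
# class [verb] -- command, optionally followed by OTL's "File not found" or "(Company)" suffix
HANDLER_RE = re.compile(r"^(\S+) \[(\w+)\] -- (.*?)(?: File not found| \([^()]*\))?$")
FIREWALL_KEY_RE = re.compile(r"FirewallPolicy\\(\w+Profile)$")
MONITOR_KEY_RE = re.compile(r"Security Center\\Monitoring\\(\w+)$")
SILENCERS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
             "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride"}


def triage(log_text):
    """Return a list of findings (strings) for the given OTL log text."""
    findings = []
    section = key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                         # "========== Name ==========" header
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:                         # "[HKEY_...]" registry key line
            key = m.group(1)
            continue
        if section == "Shell Spawning":
            m = HANDLER_RE.match(line)
            if not m or (m.group(1), m.group(2)) not in EXPECTED_HANDLERS:
                continue
            cls, verb, cmd = m.groups()
            expected = EXPECTED_HANDLERS[(cls, verb)]
            if cmd.startswith("Reg Error"):
                findings.append(f"{cls} [{verb}]: handler key unreadable ({cmd})")
            elif cmd != expected:
                findings.append(f"{cls} [{verb}]: HIJACKED handler {cmd!r}, expected {expected!r}")
        elif section == "Security Center Settings" and key:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.group(1), m.group(2).strip()
            fw, mon = FIREWALL_KEY_RE.search(key), MONITOR_KEY_RE.search(key)
            if fw and name == "EnableFirewall" and value == "0":
                findings.append(f"Windows Firewall disabled for {fw.group(1)}")
            elif mon and name == "DisableMonitoring" and value == "1":
                findings.append(f"Security Center monitoring suppressed for {mon.group(1)}")
            elif name in SILENCERS and value == "1":
                findings.append(f"Security Center alert silenced: {name} = 1")
        elif section == "Authorized Applications List" and line.endswith("File not found"):
            m = VALUE_RE.match(line)
            if m:
                findings.append(f"stale firewall exception for missing file {m.group(1)}")
    return findings


# Abridged excerpt constructed from the log posted in this thread.
SAMPLE_FROM_THREAD = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"""

# Constructed variant with a hijacked exefile handler (hypothetical path, not from the thread).
HIJACKED_SAMPLE = SAMPLE_FROM_THREAD.replace(
    'exefile [open] -- "%1" %* File not found',
    r'exefile [open] -- "C:\Documents and Settings\Owner\Application Data\hypothetical.exe" "%1" %* ()',
)

if __name__ == "__main__":
    for finding in triage(HIJACKED_SAMPLE):
        print(finding)
```

On the posted log this reports only that both Windows Firewall profiles are off (expected here, since Panda's firewall is installed) and the two stale Windows Live Messenger exceptions; the exefile, batfile, comfile, piffile and scrfile handlers are at their defaults, which is consistent with the redirect having lived in the browser rather than in file associations.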

#12 Raktor (Teacher Emeritus, Authentic Member, 3,114 posts)

Posted 18 October 2009 - 08:17 PM

1) P2P Warning
P2P - I see you have P2P software (Azureus, LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

2) Update Java
Your version of Java is outdated.

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) What You Will Need To Post:
  • How the system is performing now - still redirecting?

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#13 machisono (New Member, Authentic Member, 7 posts)

Posted 19 October 2009 - 05:45 PM

System is performing great. Thank you for your dedication to resolving my problem. Cheers Machisono

#14 Raktor (Teacher Emeritus, Authentic Member, 3,114 posts)

Posted 19 October 2009 - 08:44 PM

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

You may remove other programs we have used, and their resulting logs.

How to reduce your chances of infection in the future

Web Browsers
Internet Explorer does come pre-installed with all Windows machines - but this doesn't necessarily mean you have to use it! Because it is the most widely used browser, it is targeted by more malware writers, making you more susceptible to infection. There are many other free alternatives out there that offer better security, take one of these for a spin and see if it takes your fancy.
Mozilla Firefox
Google Chrome
Opera

WOT - Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for Firefox, Google Chrome and Internet Explorer.

If you would prefer to keep using Internet Explorer, follow these additional steps to make the browser more secure.
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Additional Security Measures
Keep your software up-to-date - You should be manually performing updates of your software once a week to ensure that you are current with anti-virus definitions and patched for any security vulnerabilities. This does not just apply to your anti-virus/anti-malware software; malware authors rely on exploiting commonly used software such as Java and Adobe Reader, which need to be kept up to date as well.

Keep Windows up-to-date - Use Windows Update regularly to stay current with security patches and service packs.

MVPS Hosts File - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

Firewalls - Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient - but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly.

What Not To Do
The Perils of P2P File Sharing - Even if a P2P application is on the 'safe' list, malware can still be downloaded through infected files - executables, zip files and even MP3s. It is just not worth the risk.

Fake Security/Optimization Software - Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Additional Reading
How to prevent Malware - I strongly recommend that you read Miekiemoses' good advice

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
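
The Custom Level changes listed in the post above are stored as DWORD values under the Internet zone key, HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, one value per URL action. The Python below is an added example, not part of this thread: it audits the current zone values against the post's recommendations. It assumes Microsoft's documented URL-action identifiers for those six settings (1001 download signed ActiveX controls, 1004 download unsigned ActiveX controls, 1201 initialize and script ActiveX controls not marked as safe, 1800 installation of desktop items, 1804 launching programs and files in an IFRAME, 1607 navigate sub-frames across different domains) and the encoding 0 = Enable, 1 = Prompt, 3 = Disable. The comparison is a pure function so it can be tested offline; the registry read only runs on Windows.

```python
"""Audit Internet Explorer's Internet zone (zone 3) against the Custom Level
settings recommended in the post above.  Added example, not from the thread."""
import sys

ENABLE, PROMPT, DISABLE = 0, 1, 3   # zone DWORD encoding (assumed from Microsoft docs)

# URL-action ID -> (name as shown in the Custom Level dialog, recommended value).
# The IDs are assumed from Microsoft's documented zone-settings reference.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"


def audit_zone(values):
    """values: {action_id: current DWORD}.  Returns [(id, name, current, wanted)]
    for every recommended setting that is missing or weaker than recommended.
    Disable (3) is stricter than Prompt (1), which is stricter than Enable (0),
    so a value at or above the recommended one is not reported."""
    gaps = []
    for action, (name, wanted) in RECOMMENDED.items():
        current = values.get(action)
        if current is None or current < wanted:
            gaps.append((action, name, current, wanted))
    return gaps


def read_zone3():
    """Read the current user's Internet-zone values on Windows; elsewhere return {}.
    Missing values are left out so audit_zone reports them as gaps."""
    if sys.platform != "win32":
        return {}
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for action in RECOMMENDED:
            try:
                data, _ = winreg.QueryValueEx(key, action)
                values[action] = int(data)
            except FileNotFoundError:
                pass
    return values


if __name__ == "__main__":
    for action, name, current, wanted in audit_zone(read_zone3()):
        print(f"{action} {name}: current={current} recommended={wanted}")
```

If a domain policy enforces "Security Zones: Use only machine settings", the effective values live under HKLM instead of HKCU; the same audit applies, only the hive differs.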

#15 Raktor (Teacher Emeritus, Authentic Member, 3,114 posts)

Posted 22 October 2009 - 05:18 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.