Jump to content

tadpole1954

Members
  • Posts

    2
  • Joined

  • Last visited

Everything posted by tadpole1954

  1. Dad was needing his computer so I found a thread similar to mine from Pyromaniac. I followed the advice given. I ran combofix and malwarebytes. The logs follow. ComboFix 10-03-18.01 - Owner 03/18/2010 17:46:03.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.457 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Application Data\alot c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml.backup c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml.backup c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml.backup c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml.backup c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup c:\documents and settings\Owner\Application Data\alot\products\products.xml c:\documents and settings\Owner\Application Data\alot\products\products.xml.backup c:\documents and settings\Owner\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_1033_alot_music_search.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_1033_alot_music_search.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1310_alot_mus_lyrics.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1310_alot_mus_lyrics.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\clear.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\cloudy.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_1007_alot_weather_widget.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_1007_alot_weather_widget.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\mcloud.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\nclear.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\nmcloud.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\pcloud.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1029_alot_rss.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1029_alot_rss.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1100_alot_mus_freemusic.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1100_alot_mus_freemusic.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1100_alot_mus_mymusic.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_1046_alot_mrkt_180.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_1046_alot_mrkt_180.png c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_1530_alot_mrkt_simplyhired.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_1530_alot_mrkt_simplyhired.png c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png c:\documents and settings\Owner\Application Data\alot\Resources\Shared\domains.dat c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_splitter.png c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup c:\documents and settings\Owner\Application Data\alot\toolbar.xml c:\documents and settings\Owner\Application Data\alot\toolbar.xml.backup c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml.backup c:\documents and settings\Owner\Local Settings\Application Data\ave.exe c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2ybPj05dt.jpg c:\documents and settings\Owner\Local Settings\Temporary Internet Files\3aN1Sc00l.jpg c:\documents and settings\Owner\Local Settings\Temporary Internet Files\7nxB3.jpg c:\documents and settings\Owner\Local Settings\Temporary Internet Files\S5g886S8e.jpg c:\program files\alot c:\program files\alot\alotUninst.exe c:\program files\alot\bin\alot.dll c:\program files\Common Files\file.exe c:\program files\Common Files\InternetAntivirusPro.exe c:\recycler\S-1-5-21-2834401550-404900973-3593331270-1003 c:\recycler\S-1-5-21-3606347674-2446015613-2949392036-1003 D:\Autorun.inf G:\autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 ))))))))))))))))))))))))))))))) . 2010-03-18 22:39 . 2010-03-18 22:40 -------- d-----w- C:\32788R22FWJFW 2010-03-18 22:37 . 2010-02-12 23:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-03-18 00:54 . 2006-04-06 00:38 110592 ----a-w- c:\documents and settings\Owner\Application Data\U3\temp\cleanup.exe 2010-03-18 00:52 . 2010-03-18 00:54 -------- d-----w- c:\documents and settings\Owner\Application Data\U3 2010-03-16 14:49 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVENG.SYS 2010-03-16 14:49 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVEX15.SYS 2010-03-16 14:49 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\CCERASER.DLL 2010-03-16 14:49 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\ECMSVR32.DLL 2010-03-16 14:49 . 2009-08-26 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\EECTRL.SYS 2010-03-16 14:49 . 2009-08-26 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\ERASER.SYS 2010-03-16 14:49 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVENG32.DLL 2010-03-16 14:49 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVEX32A.DLL 2010-03-14 23:23 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys 2010-03-14 23:23 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll 2010-03-14 23:23 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys 2010-03-14 23:23 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll 2010-03-14 23:23 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys 2010-03-11 01:10 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSvix86.sys 2010-03-11 01:10 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys 2010-03-11 01:10 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\Scxpx86.dll 2010-03-11 01:10 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSxpx86.dll 2010-03-11 01:10 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSviA64.sys 2010-03-10 18:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-18 01:42 . 2009-07-28 18:08 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-03-11 14:51 . 2009-12-05 23:23 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-31 16:50 . 2006-05-07 01:24 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:14 . 2006-05-07 01:24 916480 ----a-w- c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-12-05 23:20 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-05 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-05 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-16 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-16 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-16 94208] "CHotkey"="zHotkey.exe" [2006-11-07 547840] "ShowWnd"="ShowWnd.exe" [2005-01-27 36864] "ModPS2"="ModPS2Key.exe" [2006-11-07 53248] "RTHDCPL"="RTHDCPL.EXE" [2008-03-16 16132608] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-23 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-28 148888] c:\documents and settings\Owner\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128] KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [1/27/2010 6:20 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [1/27/2010 6:20 PM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [1/27/2010 6:20 PM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [3/14/2010 6:23 PM 329592] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [1/27/2010 6:20 PM 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 6:39 PM 102448] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692] . Contents of the 'Scheduled Tasks' folder 2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.foxnews.com/ uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe AddRemove-InterAntiVPro_is1 - c:\program files\Internet Antivirus Pro\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-18 18:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . Completion time: 2010-03-18 18:09:47 ComboFix-quarantined-files.txt 2010-03-18 23:09 Pre-Run: 93,371,400,192 bytes free Post-Run: 96,078,708,736 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 89513E26962C84D03E877F9682F0A4A0 Malwarebytes' Anti-Malware 1.44 Database version: 3884 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/18/2010 6:53:14 PM mbam-log-2010-03-18 (18-52-20).txt Scan type: Quick Scan Objects scanned: 115060 Time elapsed: 7 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk (Rogue.InternetAntiVirus) -> No action taken.
  2. Hi all. I am writing on behalf of my dad. His computer is infected with xp defender pro. I saw some other posts with the same problem and so I downloaded and ran the two programs mentioned. OTL and Gmer. Following are the text files from the two scans in this order. Otl.txt; extras.txt; ark.txt. Thanks in advance to anyone who takes this on. OTL logfile created on: 3/17/2010 8:09:27 PM - Run 2 OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,015.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142.15 Gb Total Space | 84.80 Gb Free Space | 59.65% Space Free | Partition Type: NTFS Drive D: | 6.89 Gb Total Space | 4.22 Gb Free Space | 61.25% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 149.05 Gb Total Space | 143.69 Gb Free Space | 96.40% Space Free | Partition Type: NTFS Drive H: | 973.17 Mb Total Space | 965.47 Mb Free Space | 99.21% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: YOUR-C30BE43EA5 Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe () PRC - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC) PRC - C:\Program Files\Maxtor\Sync\MaxSync.exe (Seagate Technology LLC) PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation) PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.) PRC - C:\WINDOWS\ModPS2Key.exe (Chicony) PRC - C:\WINDOWS\zHotkey.exe () PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe () PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe () ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll (Symantec Corporation) MOD - C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll (BackWeb) ========== Win32 Services (SafeList) ========== SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation) SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC) SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.) SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVENG.SYS (Symantec Corporation) DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company) DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company) DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company) DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company) DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company) DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (el575nd5) -- C:\WINDOWS\system32\drivers\el575ND5.sys (3Com Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3650 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 72 10 D3 60 4B CA 01 [binary data] IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/28 13:03:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 22:05:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/17 20:03:03 | 000,000,000 | ---D | M] [2008/12/20 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions [2008/12/20 14:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\BAE.dll (Gateway Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe () O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [ModPS2] C:\WINDOWS\ModPS2Key.exe (Chicony) O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [showWnd] C:\WINDOWS\ShowWnd.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [Power2GoExpress] File not found O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe () O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.176.95.182 72.22.30.25 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2006/05/11 17:13:39 | 000,000,279 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - G:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 14:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/04/18 17:33:36 | 000,950,272 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe" /START "%1" %* () NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/06 20:37:54 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2010/03/17 19:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3 [2010/03/17 19:35:52 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe [2010/03/17 19:20:02 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/03/10 13:01:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2009/01/03 15:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2006/05/06 20:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2006/05/06 20:38:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2006/05/06 20:38:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2005/12/15 12:03:40 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/17 20:05:16 | 000,000,148 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\.~lock.Help dad.doc# [2010/03/17 20:03:16 | 001,424,384 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb [2010/03/17 20:03:15 | 001,089,536 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb [2010/03/17 20:03:06 | 000,019,080 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QJyrk5wvCU1 [2010/03/17 20:03:06 | 000,019,080 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QJyrk5wvCU1 [2010/03/17 20:02:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010/03/17 20:02:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/03/17 20:02:41 | 1064,882,176 | -HS- | M] () -- C:\hiberfil.sys [2010/03/17 20:02:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/03/17 20:01:32 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT [2010/03/17 20:01:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/03/17 19:55:03 | 000,015,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Help dad.docm [2010/03/17 19:35:18 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe [2010/03/17 19:27:40 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Help dad.doc [2010/03/17 19:22:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1oz0imt7.exe [2010/03/17 19:19:28 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/03/17 17:14:05 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job [2010/03/16 14:50:32 | 000,200,704 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe [2010/03/15 20:00:01 | 000,000,622 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job [2010/03/14 08:13:51 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/14 08:13:51 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/03/14 08:13:51 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/02/24 21:50:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/02/17 19:59:16 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/17 20:05:16 | 000,000,148 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\.~lock.Help dad.doc# [2010/03/17 19:55:02 | 000,015,400 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Help dad.docm [2010/03/17 19:29:13 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Help dad.doc [2010/03/17 19:22:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1oz0imt7.exe [2010/03/16 14:50:38 | 000,019,080 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QJyrk5wvCU1 [2010/03/16 14:50:38 | 000,019,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QJyrk5wvCU1 [2010/03/16 14:50:32 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe [2009/03/12 10:03:06 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Smiley.ico [2009/02/08 17:37:32 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/12/02 14:02:27 | 000,003,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat [2008/10/15 17:12:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2008/10/15 17:10:19 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI [2008/10/15 16:47:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2008/10/15 16:44:22 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/04/11 13:25:05 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2008/04/11 13:25:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll [2008/04/11 13:24:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll [2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll [2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll [2008/01/08 09:38:29 | 000,019,286 | ---- | C] () -- C:\Program Files\Common Files\InternetAntivirusPro.exe [2008/01/08 09:38:29 | 000,019,286 | ---- | C] () -- C:\Program Files\Common Files\file.exe [2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll [2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll [2006/07/01 02:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/05/06 20:24:27 | 000,001,456 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/05/06 20:24:27 | 000,000,483 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll [2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll ========== LOP Check ========== [2009/02/27 11:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\01C5 [2009/02/25 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\01D4 [2009/03/20 10:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14119 [2009/04/01 13:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14167 [2009/04/14 16:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1429F [2008/12/30 12:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\16EA [2009/03/02 21:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\17AB [2009/05/17 16:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1834B [2009/03/13 10:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1C31C [2008/12/31 00:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1C37A [2009/03/24 11:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D3A9 [2009/03/22 12:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E2EE [2009/03/01 11:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\223C8 [2009/02/28 11:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23EA [2009/03/11 17:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\253D8 [2009/04/23 10:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26242 [2009/02/23 12:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26251 [2009/03/05 18:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26CB [2009/03/18 08:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2D138 [2009/01/02 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2E1A5 [2009/05/18 10:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2F4E [2009/02/17 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\323A9 [2009/04/06 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\332EE [2009/03/10 10:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\341A5 [2009/02/26 15:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\36BB [2009/03/16 09:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\38EA [2009/03/15 11:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3A0 [2008/12/26 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\41FD [2009/09/24 18:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\52AF [2009/04/12 17:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E4E [2009/03/12 10:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F2BF [2008/10/15 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor [2009/06/14 11:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings [2008/04/11 13:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2008/12/06 18:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\alot [2009/01/05 18:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon [2008/10/15 17:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com [2009/07/28 13:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org [2008/04/11 13:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView [2008/12/02 14:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template [2008/12/31 14:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer [2008/12/20 14:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug [2010/03/17 17:14:05 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 3/17/2010 7:58:39 PM - Run 1 OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,015.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142.15 Gb Total Space | 84.79 Gb Free Space | 59.65% Space Free | Partition Type: NTFS Drive D: | 6.89 Gb Total Space | 4.22 Gb Free Space | 61.25% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 149.05 Gb Total Space | 143.69 Gb Free Space | 96.40% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-C30BE43EA5 Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe () ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1 "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2 "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13 "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1 "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4 "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK "{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2 "{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300 "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81 "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1 "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant "{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect "{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg "{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb "{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006 "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001 "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem "alotToolbar" = ALOT Toolbar "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3 "Ask Toolbar_is1" = Ask Toolbar "BearShare MediaBar" = MediaBar 2.0 "EsetOnlineScanner" = ESET Online Scanner "HDMI" = Intel® Graphics Media Accelerator Driver "HP Document Viewer" = HP Document Viewer 6.1 "HP Imaging Device Functions" = HP Imaging Device Functions 6.1 "HP Photo & Imaging" = HP Photosmart Premier Software 6.1 "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager "InterAntiVPro_is1" = Internet Antivirus (1.1.2.0) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "QuickTime" = QuickTime "WGA" = Windows Genuine Advantage Validation Tool "WildTangent emachines Master Uninstall" = eMachines Games "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/16/2009 4:26:29 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 11/16/2009 4:26:34 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 11/16/2009 4:27:58 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1001 Description = Fault bucket 1180947459. Error - 11/24/2009 12:45:00 AM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/19/2010 6:11:51 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/21/2010 2:30:48 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2/26/2010 7:35:42 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 3/7/2010 8:48:10 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 3/7/2010 8:48:14 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 3/10/2010 4:08:55 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. < End of report > GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-17 20:41:50 Windows 5.1.2600 Service Pack 3 Running: 1oz0imt7.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agxiyaow.sys ---- System - GMER 1.0.15 ---- SSDT 86D91528 ZwAlertResumeThread SSDT 86D91608 ZwAlertThread SSDT 86D13628 ZwAllocateVirtualMemory SSDT 86B5CE38 ZwAssignProcessToJobObject SSDT 86F885E8 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA1B1130] SSDT 86C08BB8 ZwCreateMutant SSDT 86C6DFC0 ZwCreateSymbolicLinkObject SSDT 86A87F68 ZwCreateThread SSDT 86BD3B10 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA1B13B0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA1B1910] SSDT 86BE3628 ZwDuplicateObject SSDT 86D477A8 ZwFreeVirtualMemory SSDT 86C197C8 ZwImpersonateAnonymousToken SSDT 86C198A8 ZwImpersonateThread SSDT 86DF1798 ZwLoadDriver SSDT 86D476A8 ZwMapViewOfSection SSDT 86C08AF8 ZwOpenEvent SSDT 86D97DA0 ZwOpenProcess SSDT 86BE3548 ZwOpenProcessToken SSDT 86BD3EF0 ZwOpenSection SSDT 86D97CD0 ZwOpenThread SSDT 86B5CD48 ZwProtectVirtualMemory SSDT 87046C70 ZwResumeThread SSDT 86DCEEC0 ZwSetContextThread SSDT 86DDCC48 ZwSetInformationProcess SSDT 86BD3BF0 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA1B1B60] SSDT 86BD3FD0 ZwSuspendProcess SSDT 86DCED20 ZwSuspendThread SSDT 86C8C370 ZwTerminateProcess SSDT 86DCEE00 ZwTerminateThread SSDT 86DDCD38 ZwUnmapViewOfSection SSDT 86D13558 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 23E8 80501C20 4 Bytes CALL B8D714AA ? SYMEFA.SYS The system cannot find the file specified. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.