Trojan: Backdoor: Bifrose.AHYPM [Solved]
Jun 7 2009, 07:36 PM
Post #1
Member | Posts: 18 | OS: XP
Hello and thank you for allowing me to post. About a month ago, I noticed my laptop becoming slow. When turning it on, the desktop icons take a long time to populate, and while toggling between the internet and using apps like Excel at the same time, the computer appears slow. I thought it was a memory issue, or my antivirus, SpywareBlaster, Malwarebytes, and Comodo firewall all running at the same time causing slowness. I also tried downloading the newest Adobe Flash, and although the Adobe site confirmed the download, I am still unable to view things that require the new Flash (for example, on www.zillow.com, when I put in a home address to see property value, I'm still prompted to download the newest Adobe Flash). Again, I thought this just had to do with the memory on my laptop.

1) Yesterday, I updated my antivirus, SpywareBlaster, Malwarebytes, and Comodo firewall, and today I ran a scan with my PC Tools AntiVirus and it came back with the infection "Trojan: Backdoor: Bifrose.AHYPM" located in C\Windows\Winmedia/svohost.exe. PC Tools quarantined and removed it.
2) I then ran a Malwarebytes quick scan that found c\documents+settings\christine schaefer\application data\addon.dat. Malwarebytes quarantined and deleted this.
3) I ran ATF Cleaner to delete all temp files.
4) I ran CCleaner yesterday and today to delete additional files and fix/delete reg files. I have two backups of these files (600+ that were deleted yesterday and 200+ that were deleted today).
5) Per your guidelines, tonight I ran TFC.
6) I checked Microsoft Update and it said my laptop needed:
   a) Internet Explorer 8. (I didn't update to IE8, because I thought it is still in beta stages and I'm not sure if Citrix (how I connect to work 1x/week) is compatible with IE8.)
   b) Office 97 SP2. (I didn't update this, because the laptop is using XP and I'm not sure I need this. I'm trying to save as much memory as I can.)

I. Could you please help me to ensure that the infections/viruses are completely gone?
II. Does this virus copy keystrokes?
III. Are my passwords compromised?
IV. I'm confused at how the virus got saved to my laptop. Shouldn't PC Tools AntiVirus, Malwarebytes, SpywareBlaster, or Comodo firewall have prevented the virus from saving to my laptop?

Here are my logs. Please let me know if you have any questions or need additional information. Thank you for your help.
OTL: OTL.txt
OTL: Extras.Txt
Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) %windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer File not found %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation) C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Disabled:SAgent4 (SEIKO EPSON CORPORATION) C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004 "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11 "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1 "{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2 "{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization "{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}" = iTunes "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD "{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{C94C253C-069F-4C02-8E5B-C1D056827643}" = Wal-Mart Digital Photo Manager "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album "{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only "{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}" = Huge Pine USB to UART Driver "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement "Adobe AIR" = Adobe AIR "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader "ArcSoft PhotoBase" = ArcSoft PhotoBase "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000 "BCM V.92 56K Modem" = BCM V.92 56K Modem "CCleaner" = CCleaner (remove only) "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "COMODO Internet Security" = COMODO Internet Security "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "EPSON Printer and Utilities" = EPSON Printer Software "ERUNT_is1" = ERUNT 1.1j "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2 "InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PC Tools AntiVirus_is1" = PC Tools AntiVirus 5.0 "RealPlayer 6.0" = RealOne Player "Shockwave" = Shockwave "SpywareBlaster_is1" = SpywareBlaster 4.2 "StreetPlugin" = Learn2 Player (Uninstall Only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "ViewpointMediaPlayer" = Viewpoint Media Player "WildTangent CDA" = WildTangent Web Driver "Windows XP Service Pack" = Windows XP Service Pack 3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Term_Services" = Juniper Terminal Services Client "Log Upload" = Juniper Networks Log Upload "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/1/2009 2:52:11 PM | Computer Name = D7X5X741 | Source = Application Hang | ID = 1002 Description = Hanging application wfcrun32.exe, version 10.200.2650.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/1/2009 2:52:11 PM | Computer Name = D7X5X741 | Source = Application Hang | ID = 1002 Description = Hanging application wfcrun32.exe, version 10.200.2650.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/2/2009 7:16:40 AM | Computer Name = D7X5X741 | Source = Application Error | ID = 1000 Description = Faulting application PCTAVSvc.exe, version 5.0.1.1, faulting module PCTAVSvc.exe, version 5.0.1.1, fault address 0x00064710. Error - 5/14/2009 8:58:05 AM | Computer Name = D7X5X741 | Source = Application Error | ID = 1000 Description = Faulting application PCTAVSvc.exe, version 5.0.1.1, faulting module PCTAVSvc.exe, version 5.0.1.1, fault address 0x00064710. 
Error - 5/14/2009 5:02:36 PM | Computer Name = D7X5X741 | Source = Application Hang | ID = 1002 Description = Hanging application Adobe_Updater.exe, version 6.2.0.1474, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/15/2009 2:30:31 PM | Computer Name = D7X5X741 | Source = Application Hang | ID = 1002 Description = Hanging application dsTermServ.exe, version 6.0.0.13911, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/22/2009 9:17:28 AM | Computer Name = D7X5X741 | Source = Application Error | ID = 1000 Description = Faulting application PCTAVSvc.exe, version 5.0.1.1, faulting module PCTAVSvc.exe, version 5.0.1.1, fault address 0x00064710. Error - 5/22/2009 1:39:55 PM | Computer Name = D7X5X741 | Source = Application Error | ID = 1000 Description = Faulting application wfcrun32.exe, version 10.200.2650.0, faulting module confmgr.dll, version 0.0.0.0, fault address 0x00001429. Error - 5/23/2009 7:29:26 PM | Computer Name = D7X5X741 | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 5/24/2009 6:59:58 AM | Computer Name = D7X5X741 | Source = Application Error | ID = 1004 Description = Faulting application PCTAVSvc.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. [ System Events ] Error - 6/5/2009 5:49:12 PM | Computer Name = D7X5X741 | Source = SideBySide | ID = 16842786 Description = Component identity found in manifest does not match the identity of the component requested Error - 6/5/2009 5:49:12 PM | Computer Name = D7X5X741 | Source = SideBySide | ID = 16842810 Description = Syntax error in manifest or policy file "C:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. 
Error - 6/5/2009 5:49:12 PM | Computer Name = D7X5X741 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL. Reference error message: The operation completed successfully. . Error - 6/5/2009 5:49:16 PM | Computer Name = D7X5X741 | Source = SideBySide | ID = 16842786 Description = Component identity found in manifest does not match the identity of the component requested Error - 6/5/2009 5:49:16 PM | Computer Name = D7X5X741 | Source = SideBySide | ID = 16842810 Description = Syntax error in manifest or policy file "C:\PROGRA~1\Citrix\ICACLI~1\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Error - 6/5/2009 5:49:16 PM | Computer Name = D7X5X741 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\PROGRA~1\Citrix\ICACLI~1\MFC80.DLL. Reference error message: The operation completed successfully. . Error - 6/7/2009 7:00:20 PM | Computer Name = D7X5X741 | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. Error - 6/7/2009 7:00:46 PM | Computer Name = D7X5X741 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: agp440 IntelIde Error - 6/7/2009 7:39:50 PM | Computer Name = D7X5X741 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 
Error - 6/7/2009 7:39:50 PM | Computer Name = D7X5X741 | Source = Service Control Manager | ID = 7000 Description = The Application Layer Gateway Service service failed to start due to the following error: %%1053 < End of report > MBAM log: Malwarebytes' Anti-Malware 1.37 Database version: 2238 Windows 5.1.2600 Service Pack 3 6/7/2009 6:57:13 PM mbam-log-2009-06-07 (18-57-13).txt Scan type: Quick Scan Objects scanned: 83433 Time elapsed: 21 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\Christine Schaefer\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully. ROOTER: Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3 C:\ [Fixed] - NTFS - (Total:19030 Mo/Free:2305 Mo) D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) Sun 06/07/2009|20:29 ----------------------\\ Processes.. 
--Locked-- [System Process] ---------- System ---------- \SystemRoot\System32\smss.exe ---------- \??\C:\WINDOWS\system32\csrss.exe ---------- \??\C:\WINDOWS\system32\winlogon.exe ---------- C:\WINDOWS\system32\services.exe ---------- C:\WINDOWS\system32\lsass.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\system32\spoolsv.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---------- C:\Program Files\EPSON\ESM2\eEBSVC.exe ---------- C:\Program Files\Java\jre6\bin\jqs.exe ---------- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\WINDOWS\System32\MsPMSPSv.exe ---------- C:\WINDOWS\Explorer.EXE ---------- C:\WINDOWS\system32\hkcmd.exe ---------- C:\WINDOWS\BCMSMMSG.exe ---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe ---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ---------- C:\Program Files\Dell\AccessDirect\dadapp.exe ---------- C:\WINDOWS\System32\DSentry.exe ---------- C:\WINDOWS\system32\dla\tfswctrl.exe ---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe ---------- C:\WINDOWS\system32\ctfmon.exe ---------- C:\Program Files\PC Tools AntiVirus\PCTAV.exe ---------- C:\Program Files\Java\jre6\bin\jusched.exe ---------- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ---------- C:\Program Files\internet explorer\iexplore.exe ---------- C:\WINDOWS\system32\cmd.exe ---------- C:\Rooter$\RK.exe ----------------------\\ Search.. ----------------------\\ ROOTKIT !! 1 - "C:\Rooter$\Rooter_1.txt" - Sun 06/07/2009|20:31 ----------------------\\ Scan completed at 20:31 |
Jun 13 2009, 12:56 PM
Post
#2
Malware Removal Staff Posts: 527 OS: Windows XP
Hello and welcome to GeeksTogo!
I apologize for the late response. Here at GeeksToGo and many other forums we are very busy and we are overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. Please follow the steps in the Preparation guide before starting a new topic that is pinned in this forum, on running Malwarebytes Anti-Malware, Rooter and creating an OTL log. Please post those 3 log reports here in your next reply. Please note that the forum is very busy and if I don't hear from you in three-five days this thread will be closed. With Regards, Extremeboy
Jun 14 2009, 06:36 AM
Post
#3
Member Posts: 18 OS: XP
Thanks for your time. Here are the Malwarebytes Anti-Malware, Rooter, and OTL Logs that you requested.
Malwarebytes' Anti-Malware 1.37 Database version: 2238 Windows 5.1.2600 Service Pack 3 6/14/2009 8:09:39 AM mbam-log-2009-06-14 (08-09-39).txt Scan type: Quick Scan Objects scanned: 81346 Time elapsed: 14 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3 C:\ [Fixed] - NTFS - (Total:19030 Mo/Free:1973 Mo) D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) Sun 06/14/2009| 8:16 ----------------------\\ Processes.. --Locked-- [System Process] ---------- System ---------- \SystemRoot\System32\smss.exe ---------- \??\C:\WINDOWS\system32\csrss.exe ---------- \??\C:\WINDOWS\system32\winlogon.exe ---------- C:\WINDOWS\system32\services.exe ---------- C:\WINDOWS\system32\lsass.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\WINDOWS\system32\svchost.exe ---------- C:\WINDOWS\Explorer.EXE ---------- C:\WINDOWS\system32\spoolsv.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---------- C:\Program Files\EPSON\ESM2\eEBSVC.exe ---------- C:\Program Files\Java\jre6\bin\jqs.exe ---------- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe ---------- C:\WINDOWS\System32\svchost.exe ---------- 
C:\WINDOWS\System32\MsPMSPSv.exe ---------- C:\WINDOWS\System32\alg.exe ---------- C:\WINDOWS\system32\hkcmd.exe ---------- C:\WINDOWS\BCMSMMSG.exe ---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe ---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ---------- C:\Program Files\Dell\AccessDirect\dadapp.exe ---------- C:\WINDOWS\System32\DSentry.exe ---------- C:\WINDOWS\system32\dla\tfswctrl.exe ---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe ---------- C:\Program Files\PC Tools AntiVirus\PCTAV.exe ---------- C:\Program Files\Java\jre6\bin\jusched.exe ---------- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ---------- C:\WINDOWS\system32\ctfmon.exe ---------- C:\Program Files\Java\jre6\bin\jucheck.exe ---------- C:\WINDOWS\system32\NOTEPAD.EXE ---------- C:\Program Files\internet explorer\iexplore.exe ---------- C:\WINDOWS\system32\cmd.exe ---------- C:\Rooter$\RK.exe ----------------------\\ Search.. ----------------------\\ ROOTKIT !! 1 - "C:\Rooter$\Rooter_1.txt" - Sun 06/07/2009|20:31 2 - "C:\Rooter$\Rooter_2.txt" - Sun 06/14/2009| 8:18 ----------------------\\ Scan completed at 8:18 OTL logfile created on: 6/14/2009 8:19:15 AM - Run 2 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Christine Schaefer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 254.33 Mb Total Physical Memory | 80.89 Mb Available Physical Memory | 31.80% Memory free 625.17 Mb Paging File | 276.09 Mb Available in Paging File | 44.16% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18.58 Gb Total Space | 5.93 Gb Free Space | 31.89% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not 
loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: D7X5X741 Current User Name: Christine Schaefer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe () PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\Program Files\EPSON\ESM2\eEBSVC.exe () PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd) PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\Dell\AccessDirect\dadapp.exe () PRC - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering) PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe () PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Documents and Settings\Christine Schaefer\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation) SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe () SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (EpsonBidirectionalService [Auto | Running]) -- C:\Program Files\EPSON\ESM2\eEBSVC.exe () SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (PCTAVSvc [Auto | Running]) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd) SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.) 
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AVFilter [Auto | Running]) -- C:\WINDOWS\system32\drivers\AVFilter.sys (PC Tools Research Pty Ltd) DRV - (AVHook [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AVHook.sys (PC Tools Research Pty Ltd.) DRV - (AVRec [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AVRec.sys (PC Tools Research Pty Ltd ) DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation) DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys (Broadcom Corporation) DRV - (CBTNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\CBTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (CH341SER [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\CH341SER.SYS (www.winchiphead.com) DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO) DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO) DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.) DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation) DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation) DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation) DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation) DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation) DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation) DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation) DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation) DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation) DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation) DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation) DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation) DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO) DRV - (IPN2220 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\i2220ntx.sys (Inprocomm, Inc.) DRV - (LSWPCv4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LSRTNDS.SYS (Linksys) DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (NEOFLTR_600_13911 [System | Running]) -- C:\WINDOWS\system32\Drivers\NEOFLTR_600_13911.SYS (Juniper Networks) DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (odysseyIM3 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys (Funk Software, Inc.) 
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions) DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (QV2KUX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\qv2kux.sys (Microsoft Corporation) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.) DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) 
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - ({5C8B2B62-A385-11d5-A78B-00104B672758} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\A311.sys (Intel Corporation) DRV - ({5C8B2B65-A385-11d5-A78B-00104B672758} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\A310.sys (Intel Corporation) DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation) DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.ne2.attbb.net FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/05 15:49:27 | 00,000,000 | ---D | M] O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - Reg Error: Key error. File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [BCMSMMSG] BCMSMMSG.exe (Broadcom Corporation) O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h () O4 - HKLM..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe () O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN (PC Tools Research Pty Ltd) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) 
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions) O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe (SEIKO EPSON CORPORATION) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm File not found O8 - Extra context menu item: E&xport to 
Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [Juniper Secure DNS (Top)] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Juniper Secure DNS (Bottom)] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1238535137284 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://asg.statestreet.com/dana-cached/set...perSetupSP1.cab (JuniperSetupSP1 Control) O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab? 
(Photo Upload Plugin Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) 
O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{baef9820-cb07-11dd-b61d-000d56b53013}\Shell - "" = AutoRun O33 - MountPoints2\{baef9820-cb07-11dd-b61d-000d56b53013}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{baef9820-cb07-11dd-b61d-000d56b53013}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009/06/07 20:45:30 | 00,000,000 | R--D | M] ========== Files/Folders - Created Within 30 Days ========== [2009/06/14 07:54:02 | 00,000,332 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\My Documents\reg back up.reg [2009/06/07 20:34:20 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\OTL.exe [2009/06/07 20:29:02 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009/06/07 19:56:33 | 00,000,646 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\Desktop\ERUNT.lnk [2009/06/07 19:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT2009June07 [2009/06/07 19:35:49 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\TFC.exe [2009/06/06 17:14:05 | 00,001,548 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\Desktop\CCleaner.lnk [2009/06/06 17:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/06/06 16:51:56 | 00,000,690 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\Desktop\SpywareBlaster.lnk [2009/06/06 16:51:54 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster [2009/06/05 15:24:31 | 00,243,517 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\My Documents\Form_TN-1_V-1.0.pdf [2009/06/03 
10:50:13 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2009/06/03 10:50:12 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2009/05/28 09:28:45 | 00,384,512 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\My Documents\flash player.doc [2009/05/22 11:23:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\WinMedia [2009/02/09 21:14:15 | 00,168,208 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll [2008/04/14 19:37:02 | 00,028,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\usb2vcom.sys [2007/09/13 16:32:45 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007/07/14 08:32:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/01/17 19:46:37 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini [2006/09/15 10:54:14 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSONC86.ini [2006/09/15 10:52:45 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI [2006/04/24 19:03:21 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI [2006/04/24 19:02:20 | 00,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini [2006/04/24 19:01:22 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2006/04/24 19:00:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI [2006/04/24 18:58:20 | 00,001,577 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2006/04/24 18:58:20 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini [2006/04/24 18:58:20 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini [2005/08/31 12:43:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll [2005/01/06 13:45:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI [2004/05/04 13:37:49 | 00,012,753 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2004/02/23 16:11:58 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2004/02/22 16:12:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI [2004/02/22 16:09:52 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll [2004/02/22 16:09:52 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll [2004/02/22 16:09:52 | 00,065,536 | ---- | C] () 
-- C:\WINDOWS\System32\EBAPI.dll [2004/02/22 11:23:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2004/02/22 00:30:07 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini [2004/02/04 03:11:45 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/02/04 03:00:20 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2004/02/04 02:55:59 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/02/04 02:52:10 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2004/02/04 02:49:49 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/02/04 02:15:38 | 00,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/08/14 00:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/09/03 10:59:58 | 00,000,599 | ---- | C] () -- C:\WINDOWS\WIN.INI [2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini ========== Files - Modified Within 30 Days ========== [2009/06/14 07:54:15 | 00,000,332 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\My Documents\reg back up.reg [2009/06/14 07:39:54 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2009/06/14 07:37:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/14 07:37:47 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Christine Schaefer\Local Settings\DESKTOP.INI [2009/06/14 07:37:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/06/14 07:37:40 | 26,675,6096 | -HS- | M] () -- C:\hiberfil.sys [2009/06/13 09:02:27 | 00,168,208 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll [2009/06/13 09:02:24 | 00,082,080 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2009/06/13 09:02:23 | 00,024,096 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2009/06/13 09:02:20 | 00,132,640 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2009/06/12 17:51:37 | 00,000,599 | ---- | M] () -- 
C:\WINDOWS\WIN.INI [2009/06/11 15:23:27 | 00,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/06/07 20:34:26 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\OTL.exe [2009/06/07 19:56:33 | 00,000,646 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\ERUNT.lnk [2009/06/07 19:35:50 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\TFC.exe [2009/06/07 12:02:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/06/07 09:21:33 | 00,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB [2009/06/06 17:14:05 | 00,001,548 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\CCleaner.lnk [2009/06/06 17:01:20 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/06/06 16:51:56 | 00,000,690 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\SpywareBlaster.lnk [2009/06/06 16:17:20 | 00,001,729 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Adobe Reader 9.lnk [2009/06/05 15:24:31 | 00,243,517 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\My Documents\Form_TN-1_V-1.0.pdf [2009/06/04 09:22:12 | 00,002,497 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\Microsoft Office Word 2003.lnk [2009/06/03 10:50:13 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/05/28 09:28:46 | 00,384,512 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\My Documents\flash player.doc [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 1406 bytes -> C:\DOCUME~1\CHRIST~1\Desktop\Google.url:favicon @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application 
Data\TEMP:7E95B6FD < End of report >
Jun 14 2009, 08:25 AM
Post #4
Malware Removal Staff, Posts: 527, OS: Windows XP
Hello.

Please run DDS and GMER for me.

Download and Run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:

-- Note: The screen instructions indicate the attach.txt must be zipped before attaching (not posted) to your forum post. Instead, we want you to include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply.

We need to scan for Rootkits with GMER

~EB
Jun 14 2009, 05:51 PM
Post #5
Member, Posts: 18, OS: XP
Hi,

I've attached the zipped attach.txt. There was also a DDS.txt that I posted, and I also posted the GMER_log (see the following). Thank You.

DDS (Ver_09-05-14.01) - NTFSx86 Run by Christine Schaefer at 16:31:01.44 on Sun 06/14/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.98 [GMT -4:00] AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe -k LocalService C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\PC Tools AntiVirus\PCTAV.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Christine Schaefer\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyServer = sas.ne2.attbb.net:8000 uInternet Settings,ProxyOverride = *.ne2.attbb.net BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsonb~1.lnk - c:\program files\epson\esm2\STMS.exe IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm IE: E&xport to 
Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238535137284 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://asg.statestreet.com/dana-cached/setup/JuniperSetupSP1.cab DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? 
Notify: igfxcui - igfxsrvc.dll ============= SERVICES / DRIVERS =============== R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-2-9 132640] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-2-9 24096] R1 NEOFLTR_600_13911;Juniper Networks TDI Filter Driver (NEOFLTR_600_13911);c:\windows\system32\drivers\NEOFLTR_600_13911.sys [2009-2-3 64160] R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-1-23 21904] R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-2-9 692496] R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-1-23 999640] R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-1-23 28568] S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [1980-1-1 31799] S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [1980-1-1 33335] S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-4-14 35824] S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-1-5 117248] S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [2004-6-16 151808] =============== Created Last 30 ================ 2009-06-07 20:29 <DIR> --d----- C:\Rooter$ 2009-06-07 19:56 <DIR> --d----- c:\program files\ERUNT2009June07 2009-06-06 17:14 <DIR> --d----- c:\program files\CCleaner 2009-06-06 16:51 <DIR> --d----- c:\program files\SpywareBlaster 2009-06-03 10:50 1,409 a------- c:\windows\QTFont.for 2009-06-03 10:50 54,156 a---h--- c:\windows\QTFont.qfn 2009-05-22 11:23 <DIR> --d-h--- c:\windows\WinMedia ==================== Find3M ==================== 2009-06-13 09:02 168,208 a------- c:\windows\system32\guard32.dll 2009-06-13 09:02 24,096 a------- 
c:\windows\system32\drivers\cmdhlp.sys 2009-06-13 09:02 132,640 a------- c:\windows\system32\drivers\cmdguard.sys 2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll 2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll 2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll 2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll 2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll 2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll 2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll 2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll 2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe 2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll 2009-02-08 00:46 3,444,878 a------- c:\documents and settings\christine schaefer\neoteris_read_27754609.reg 2009-01-27 
23:05 3,442,622 a------- c:\documents and settings\christine schaefer\neoteris_read_1699466.reg 2009-01-21 22:35 3,558,680 a------- c:\documents and settings\christine schaefer\neoteris_read_7634850.reg 2009-01-16 13:53 3,558,680 a------- c:\documents and settings\christine schaefer\neoteris_read_2220005.reg 2009-01-09 18:09 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_17612792.reg 2009-01-01 17:27 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_28408652.reg 2008-12-26 18:29 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_10696962.reg 2008-12-15 21:57 3,556,446 a------- c:\documents and settings\christine schaefer\neoteris_read_7847125.reg 2008-12-03 20:16 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_14475260.reg 2008-11-21 18:31 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_11183016.reg 2008-11-21 12:06 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_31365500.reg 2008-11-10 13:35 3,517,152 a------- c:\documents and settings\christine schaefer\neoteris_read_16707018.reg 2008-09-04 10:27 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_21406487.reg 2008-08-22 17:52 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_26578645.reg 2008-08-22 10:33 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_2189042.reg 2008-08-01 09:19 3,466,558 a------- c:\documents and settings\christine schaefer\neoteris_read_4669260.reg 2008-07-30 18:20 3,466,558 a------- c:\documents and settings\christine schaefer\neoteris_read_28881851.reg 2008-06-26 10:34 3,465,556 a------- c:\documents and settings\christine schaefer\neoteris_read_2026549.reg 2008-05-14 19:55 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_10931191.reg 2008-05-09 17:16 3,457,298 ac------ c:\documents and settings\christine 
schaefer\neoteris_read_27140992.reg 2008-05-09 13:32 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_17132509.reg 2008-04-29 19:25 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_12424141.reg 2008-04-24 17:12 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_10197038.reg 2008-02-22 14:12 3,452,050 ac------ c:\documents and settings\christine schaefer\neoteris_read_30039545.reg 2008-02-22 14:03 3,452,050 ac------ c:\documents and settings\christine schaefer\neoteris_read_6568692.reg 2008-01-14 19:02 3,448,814 ac------ c:\documents and settings\christine schaefer\neoteris_read_31182460.reg 2008-01-12 20:31 389,120 ac------ c:\documents and settings\christine schaefer\GoToAssist_phone__268_en.exe 2007-12-12 21:38 3,419,108 ac------ c:\documents and settings\christine schaefer\neoteris_read_15529480.reg 2007-09-26 19:25 3,412,772 ac------ c:\documents and settings\christine schaefer\neoteris_read_21604244.reg 2007-08-24 17:36 3,394,852 ac------ c:\documents and settings\christine schaefer\neoteris_read_5890277.reg 2007-07-26 18:21 3,388,044 ac------ c:\documents and settings\christine schaefer\neoteris_read_33189144.reg 2007-07-17 20:55 3,387,986 ac------ c:\documents and settings\christine schaefer\neoteris_read_30776636.reg 2007-07-13 17:25 3,366,926 ac------ c:\documents and settings\christine schaefer\neoteris_read_10524970.reg 2007-06-09 14:54 3,361,722 ac------ c:\documents and settings\christine schaefer\neoteris_read_26138490.reg 2007-03-07 22:18 3,359,686 ac------ c:\documents and settings\christine schaefer\neoteris_read_24223536.reg 2007-01-29 19:34 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_8703610.reg 2007-01-23 21:12 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_12606779.reg 2007-01-11 22:05 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_17547166.reg 2007-01-11 21:53 
3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_26675936.reg 2009-01-27 20:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012720090128\index.dat ============= FINISH: 16:31:53.35 =============== GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-14 19:35:13 Windows 5.1.2600 Service Pack 3 ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\hkcmd.exe[136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01280001 .text C:\WINDOWS\BCMSMMSG.exe[168] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01230001 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[196] kernel32.dll!LoadLibraryExW + C4 7C801BB9 2 Bytes CALL 01810001 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[196] kernel32.dll!LoadLibraryExW + C7 7C801BBC 1 Byte [85] .text ... 
.text C:\WINDOWS\system32\wscntfy.exe[2092] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D .text C:\Program Files\Java\jre6\bin\jucheck.exe[2160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001 .text C:\Program Files\Java\jre6\bin\jucheck.exe[2160] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D .text C:\Documents and Settings\Christine Schaefer\Desktop\7lud0mxe.exe[2928] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D .text C:\WINDOWS\System32\alg.exe[3140] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00780001 .text C:\WINDOWS\System32\alg.exe[3140] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F90AF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F90AF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F90AF990] 
inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F90AF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F90AF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT 
\SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F90AF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet 
Security\cfp.exe[724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ 
C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll 
[GDI32.dll!DeleteObject] [00617C30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [006188F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [00618010] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll 
[USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [00617BE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [006180A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00618600] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [00617C70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [00618A00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [00618A70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [00618A50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [006187E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [00617E60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [00617ED0] 
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [00617D50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [00617C30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00618010] C:\Program Files\COMODO\COMODO 
Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [006180A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [00617BE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00618540] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00618600] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [006187E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [00617ED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [00617F70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [00617C30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT 
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [006187E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [00617BE0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [00617ED0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [00618600] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet 
Security\cfp.exe[724] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [006180A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00618B50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00618BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [006184B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ 
C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [00618BF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [006186C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00618AD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[724] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00618C80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd ) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_600_13911.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_600_13911.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_600_13911.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_600_13911.SYS (NetBIOS Redirector/Juniper Networks) Device \FileSystem\Fastfat \Fat EEFADD20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ----
Attached File(s)
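The logs in the post above are what a helper actually triages: the DDS "Created Last 30" section (is anything hidden and recent sitting under the Windows directory?) and the GMER kernel IAT section (does every hook belong to a product known to be installed?). The following script is an added editor's example, not a tool the forum staff use or anything from the original thread. Its sample input copies a handful of DDS and GMER lines from the log above, plus one constructed GMER line whose hooking module, EXAMPLE_unknown.sys, is a placeholder and not a real driver, so the negative path of the check is exercised. The allowlist of legitimate hooking drivers is an assumption derived from the DDS SERVICES / DRIVERS list above (COMODO, PC Tools, Juniper) and is specific to this machine.

```python
"""Triage of DDS "Created Last 30" entries and GMER kernel IAT hook lines.
Added editor's example for the logs posted in this thread; not a forum tool
and not the staff's procedure. KNOWN_HOOKERS is an assumption taken from the
DDS services list for this particular machine."""
import re
from collections import defaultdict

# Sample input: lines copied from the DDS log above (Created Last 30 section).
DDS_CREATED = r"""
2009-06-07 20:29 <DIR> --d----- C:\Rooter$
2009-06-07 19:56 <DIR> --d----- c:\program files\ERUNT2009June07
2009-06-06 17:14 <DIR> --d----- c:\program files\CCleaner
2009-06-06 16:51 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-03 10:50 1,409 a------- c:\windows\QTFont.for
2009-06-03 10:50 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-22 11:23 <DIR> --d-h--- c:\windows\WinMedia
"""

# Sample input: four kernel IAT lines copied from the GMER log above, plus one
# CONSTRUCTED line (EXAMPLE_unknown.sys is a placeholder, not a real driver)
# so that the unattributed-hook check below has something to report.
GMER_IAT = r"""
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F90AF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F90AF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F90AF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F90AF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F9999999] EXAMPLE_unknown.sys
"""

# Drivers that legitimately hook on this machine, per the DDS SERVICES / DRIVERS
# section above (assumption: this allowlist is specific to this install).
KNOWN_HOOKERS = {
    "inspect.sys", "cmdguard.sys", "cmdhlp.sys",   # COMODO Internet Security
    "avhook.sys", "avrec.sys", "avfilter.sys",     # PC Tools AntiVirus
    "neofltr_600_13911.sys",                       # Juniper Networks TDI filter
}

# date time <DIR>|size attrs path   (attrs is DDS's 8-character flag string)
DDS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")
# IAT <victim image>[<imported symbol>] [<address>] <hooking module> (<description>)
GMER_RE = re.compile(r"^IAT (\S+?)\[([^\]]+)\] \[([0-9A-Fa-f]+)\] (\S+)(?: \((.+)\))?$")


def parse_dds_created(text):
    """Return one dict per 'Created Last 30' entry; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "date": date, "time": time, "path": path,
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "hidden": "h" in attrs,   # DDS puts 'h' in the flag string for hidden items
        })
    return entries


def flag_hidden_windows_dirs(entries):
    """Hidden directories created directly under the Windows directory are rare
    for legitimate software. In the posted log that is WinMedia, created on
    2009-05-22, the folder the quarantined svohost.exe was reported in."""
    flagged = []
    for e in entries:
        parent = e["path"].lower().rsplit("\\", 1)[0]
        if e["is_dir"] and e["hidden"] and parent == "c:\\windows":
            flagged.append(e["path"])
    return flagged


def parse_gmer_iat(text):
    """Return one dict per GMER kernel 'IAT' line (the user-mode '@' form is not handled)."""
    hooks = []
    for line in text.splitlines():
        m = GMER_RE.match(line.strip())
        if not m:
            continue
        victim, symbol, addr, module, desc = m.groups()
        hooks.append({"victim": victim, "symbol": symbol, "address": addr,
                      "module": module, "description": desc})
    return hooks


def hooks_by_module(hooks):
    """Group hooked imports by the module that owns the hook target."""
    groups = defaultdict(list)
    for h in hooks:
        groups[h["module"].lower()].append(h["symbol"])
    return dict(groups)


def unattributed_hooks(hooks, known=KNOWN_HOOKERS):
    """Hooks whose owning module is not a product known to be installed here."""
    return [h for h in hooks if h["module"].lower() not in known]


if __name__ == "__main__":
    created = parse_dds_created(DDS_CREATED)
    print("hidden dirs under Windows:", flag_hidden_windows_dirs(created))
    hooks = parse_gmer_iat(GMER_IAT)
    for module, symbols in hooks_by_module(hooks).items():
        print(f"{module}: {len(symbols)} hook(s)")
    for h in unattributed_hooks(hooks):
        print("UNATTRIBUTED:", h["victim"], h["symbol"], "->", h["module"])
```

Run against the full GMER section above, every kernel IAT hook resolves to inspect.sys and the user-mode IAT entries all point back into cfp.exe itself, which is the expected picture for COMODO's firewall; the value of the allowlist check is that any hook owned by a module not in the DDS driver list stands out immediately instead of being buried among hundreds of benign lines.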
Jun 17 2009, 07:10 PM, Post #6
Malware Removal Staff, Posts: 527, OS: Windows XP
Hello.

Although the infection was removed, your computer was probably compromised before it was removed. From what I found, this is what the infection does: http://www.bleepingcomputer.com/startups/s...t.exe-7534.html

QUOTE: This dumaru variant attempts to terminate antivirus programs so that it remains undetected. It is a mass-mailing worm with backdoor and keylogging capabilities.

http://www.symantec.com/security_response/...-99&tabid=2

I would format the computer and then change passwords using a clean computer ASAP.

Regarding Backdoors:

Unfortunately, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy
Jun 18 2009, 01:44 PM, Post #7
Member, Posts: 18, OS: XP
Thank you for helping to look into this. I will take your advice and change passwords (from a clean PC) and look for a new machine. In the interim, I would greatly appreciate your help with cleaning my machine. Please let me know if you would like new logs or any steps you would like me to complete.

Best Regards,
Dougier
Jun 20 2009, 04:47 PM, Post #8, Extremeboy (Malware Removal Staff, Posts: 527, OS: Windows XP)
Hello.

Let's do the following.

Update and Scan with MalwareBytes Anti-Malware

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

You can refer to this animation by sundavis if needed.

Post a new set of DDS logs afterwards.

With Regards,
Extremeboy
Jun 21 2009, 12:27 PM, Post #9, Dougier (Member, Posts: 18, OS: XP)
Hello Again~

I ran into a snag with Kaspersky Online Scanner. The "accept" button is greyed out and I get the error "You need to install Java Version 1.5 or later to run Kaspersky 7.0". I uninstalled my old version Java 6V12 and installed Java 6 version 14, which is equivalent to JRE 1.6. I also verified that my Java is enabled. This still produced the error that I need 1.5 or later. I uninstalled and reinstalled, rebooted my computer and am still getting the error. Java.com allows you to check to see if the JAVA is working and mine appears to not be working; I do not see the dancing blue icon in the applet box.

I updated malwarebytes, scanned and posted the log and also posted the new DDS log. I have attached the DDS "attach" file as "attach2". I'm not sure how to rectify the Kaspersky issue. Is there a different scan that you can point me to that will produce the log that you are looking for? I apologise for not being able to post the log that you requested.

Best Regards,
Dougier

Malwarebytes' Anti-Malware 1.38
Database version: 2318
Windows 5.1.2600 Service Pack 3

6/21/2009 9:34:04 AM
mbam-log-2009-06-21 (09-34-04).txt

Scan type: Quick Scan
Objects scanned: 87355
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

DDS (Ver_09-05-14.01) - NTFSx86
Run by Christine Schaefer at 13:54:53.18 on Sun 06/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christine Schaefer\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyServer = sas.ne2.attbb.net:8000
uInternet Settings,ProxyOverride = *.ne2.attbb.net
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsonb~1.lnk - c:\program files\epson\esm2\STMS.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238535137284
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://asg.statestreet.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-2-9 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-2-9 24096]
R1 NEOFLTR_600_13911;Juniper Networks TDI Filter Driver (NEOFLTR_600_13911);c:\windows\system32\drivers\NEOFLTR_600_13911.sys [2009-2-3 64160]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-1-23 21904]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-2-9 692496]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-1-23 28568]
S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [1980-1-1 31799]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [1980-1-1 33335]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-4-14 35824]
S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-1-5 117248]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [2004-6-16 151808]

=============== Created Last 30 ================

2009-06-21 13:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-17 12:28 130 a------- c:\windows\cfplogvw.INI
2009-06-07 20:29 <DIR> --d----- C:\Rooter$
2009-06-07 19:56 <DIR> --d----- c:\program files\ERUNT2009June07
2009-06-06 17:14 <DIR> --d----- c:\program files\CCleaner
2009-06-06 16:51 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-03 10:50 1,409 a------- c:\windows\QTFont.for
2009-06-03 10:50 54,156 a---h--- c:\windows\QTFont.qfn

==================== Find3M ====================

2009-06-21 13:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-13 09:02 168,208 a------- c:\windows\system32\guard32.dll
2009-06-13 09:02 24,096 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-06-13 09:02 132,640 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-08 00:46 3,444,878 a------- c:\documents and settings\christine schaefer\neoteris_read_27754609.reg
2009-01-27 23:05 3,442,622 a------- c:\documents and settings\christine schaefer\neoteris_read_1699466.reg
2009-01-21 22:35 3,558,680 a------- c:\documents and settings\christine schaefer\neoteris_read_7634850.reg
2009-01-16 13:53 3,558,680 a------- c:\documents and settings\christine schaefer\neoteris_read_2220005.reg
2009-01-09 18:09 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_17612792.reg
2009-01-01 17:27 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_28408652.reg
2008-12-26 18:29 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_10696962.reg
2008-12-15 21:57 3,556,446 a------- c:\documents and settings\christine schaefer\neoteris_read_7847125.reg
2008-12-03 20:16 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_14475260.reg
2008-11-21 18:31 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_11183016.reg
2008-11-21 12:06 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_31365500.reg
2008-11-10 13:35 3,517,152 a------- c:\documents and settings\christine schaefer\neoteris_read_16707018.reg
2008-09-04 10:27 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_21406487.reg
2008-08-22 17:52 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_26578645.reg
2008-08-22 10:33 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_2189042.reg
2008-08-01 09:19 3,466,558 a------- c:\documents and settings\christine schaefer\neoteris_read_4669260.reg
2008-07-30 18:20 3,466,558 a------- c:\documents and settings\christine schaefer\neoteris_read_28881851.reg
2008-06-26 10:34 3,465,556 a------- c:\documents and settings\christine schaefer\neoteris_read_2026549.reg
2008-05-14 19:55 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_10931191.reg
2008-05-09 17:16 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_27140992.reg
2008-05-09 13:32 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_17132509.reg
2008-04-29 19:25 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_12424141.reg
2008-04-24 17:12 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_10197038.reg
2008-02-22 14:12 3,452,050 ac------ c:\documents and settings\christine schaefer\neoteris_read_30039545.reg
2008-02-22 14:03 3,452,050 ac------ c:\documents and settings\christine schaefer\neoteris_read_6568692.reg
2008-01-14 19:02 3,448,814 ac------ c:\documents and settings\christine schaefer\neoteris_read_31182460.reg
2008-01-12 20:31 389,120 ac------ c:\documents and settings\christine schaefer\GoToAssist_phone__268_en.exe
2007-12-12 21:38 3,419,108 ac------ c:\documents and settings\christine schaefer\neoteris_read_15529480.reg
2007-09-26 19:25 3,412,772 ac------ c:\documents and settings\christine schaefer\neoteris_read_21604244.reg
2007-08-24 17:36 3,394,852 ac------ c:\documents and settings\christine schaefer\neoteris_read_5890277.reg
2007-07-26 18:21 3,388,044 ac------ c:\documents and settings\christine schaefer\neoteris_read_33189144.reg
2007-07-17 20:55 3,387,986 ac------ c:\documents and settings\christine schaefer\neoteris_read_30776636.reg
2007-07-13 17:25 3,366,926 ac------ c:\documents and settings\christine schaefer\neoteris_read_10524970.reg
2007-06-09 14:54 3,361,722 ac------ c:\documents and settings\christine schaefer\neoteris_read_26138490.reg
2007-03-07 22:18 3,359,686 ac------ c:\documents and settings\christine schaefer\neoteris_read_24223536.reg
2007-01-29 19:34 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_8703610.reg
2007-01-23 21:12 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_12606779.reg
2007-01-11 22:05 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_17547166.reg
2007-01-11 21:53 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_26675936.reg
2009-01-27 20:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012720090128\index.dat

============= FINISH: 13:56:53.06 ===============
Attached File(s)
Jun 22 2009, 04:21 PM, Post #10, Extremeboy (Malware Removal Staff, Posts: 527, OS: Windows XP)
Hello.

Let's run this alternative scanner for now:

Run ESET Online Scan

Take a new DDS run afterwards and post back with the logs.

With Regards,
Extremeboy
Jun 22 2009, 10:29 PM, Post #11, Dougier (Member, Posts: 18, OS: XP)
You're a genius, the ESET worked and found a variant. I attached the DDS attach as attach3.zip and posted the other logs you requested. Thanks for reviewing and I'll await your further instruction.

ESET:
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

DDS (Ver_09-05-14.01) - NTFSx86
Run by Christine Schaefer at 0:12:04.95 on Tue 06/23/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.81 [GMT -4:00]

AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Christine Schaefer\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyServer = sas.ne2.attbb.net:8000
uInternet Settings,ProxyOverride = *.ne2.attbb.net
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsonb~1.lnk - c:\program files\epson\esm2\STMS.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238535137284
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://asg.statestreet.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-2-9 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-2-9 24096]
R1 NEOFLTR_600_13911;Juniper Networks TDI Filter Driver (NEOFLTR_600_13911);c:\windows\system32\drivers\NEOFLTR_600_13911.sys [2009-2-3 64160]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-1-23 21904]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-2-9 692496]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-1-23 999640]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-1-23 28568]
S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [1980-1-1 31799]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [1980-1-1 33335]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-4-14 35824]
S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-1-5 117248]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [2004-6-16 151808]

=============== Created Last 30 ================

2009-06-22 20:35 <DIR> --d----- c:\program files\ESET
2009-06-21 13:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-17 12:28 130 a------- c:\windows\cfplogvw.INI
2009-06-07 20:29 <DIR> --d----- C:\Rooter$
2009-06-07 19:56 <DIR> --d----- c:\program files\ERUNT2009June07
2009-06-06 17:14 <DIR> --d----- c:\program files\CCleaner
2009-06-06 16:51 <DIR> --d----- c:\program files\SpywareBlaster

==================== Find3M ====================

2009-06-21 13:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-13 09:02 168,208 a------- c:\windows\system32\guard32.dll
2009-06-13 09:02 24,096 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-06-13 09:02 132,640 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-08 00:46 3,444,878 a------- c:\documents and settings\christine schaefer\neoteris_read_27754609.reg
2009-01-27 23:05 3,442,622 a------- c:\documents and settings\christine schaefer\neoteris_read_1699466.reg
2009-01-21 22:35 3,558,680 a------- c:\documents and settings\christine schaefer\neoteris_read_7634850.reg
2009-01-16 13:53 3,558,680 a------- c:\documents and settings\christine schaefer\neoteris_read_2220005.reg
2009-01-09 18:09 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_17612792.reg
2009-01-01 17:27 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_28408652.reg
2008-12-26 18:29 3,557,678 a------- c:\documents and settings\christine schaefer\neoteris_read_10696962.reg
2008-12-15 21:57 3,556,446 a------- c:\documents and settings\christine schaefer\neoteris_read_7847125.reg
2008-12-03 20:16 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_14475260.reg
2008-11-21 18:31 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_11183016.reg
2008-11-21 12:06 3,519,156 a------- c:\documents and settings\christine schaefer\neoteris_read_31365500.reg
2008-11-10 13:35 3,517,152 a------- c:\documents and settings\christine schaefer\neoteris_read_16707018.reg
2008-09-04 10:27 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_21406487.reg
2008-08-22 17:52 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_26578645.reg
2008-08-22 10:33 3,508,906 a------- c:\documents and settings\christine schaefer\neoteris_read_2189042.reg
2008-08-01 09:19 3,466,558 a------- c:\documents and settings\christine schaefer\neoteris_read_4669260.reg
2008-07-30 18:20 3,466,558 a------- c:\documents and settings\christine schaefer\neoteris_read_28881851.reg
2008-06-26 10:34 3,465,556 a------- c:\documents and settings\christine schaefer\neoteris_read_2026549.reg
2008-05-14 19:55 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_10931191.reg
2008-05-09 17:16 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_27140992.reg
2008-05-09 13:32 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_17132509.reg
2008-04-29 19:25 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_12424141.reg
2008-04-24 17:12 3,457,298 ac------ c:\documents and settings\christine schaefer\neoteris_read_10197038.reg
2008-02-22 14:12 3,452,050 ac------ c:\documents and settings\christine schaefer\neoteris_read_30039545.reg
2008-02-22 14:03 3,452,050 ac------ c:\documents and settings\christine schaefer\neoteris_read_6568692.reg
2008-01-14 19:02 3,448,814 ac------ c:\documents and settings\christine schaefer\neoteris_read_31182460.reg
2008-01-12 20:31 389,120 ac------ c:\documents and settings\christine schaefer\GoToAssist_phone__268_en.exe
2007-12-12 21:38 3,419,108 ac------ c:\documents and settings\christine schaefer\neoteris_read_15529480.reg
2007-09-26 19:25 3,412,772 ac------ c:\documents and settings\christine schaefer\neoteris_read_21604244.reg
2007-08-24 17:36 3,394,852 ac------ c:\documents and settings\christine schaefer\neoteris_read_5890277.reg
2007-07-26 18:21 3,388,044 ac------ c:\documents and settings\christine schaefer\neoteris_read_33189144.reg
2007-07-17 20:55 3,387,986 ac------ c:\documents and settings\christine schaefer\neoteris_read_30776636.reg
2007-07-13 17:25 3,366,926 ac------ c:\documents and settings\christine schaefer\neoteris_read_10524970.reg
2007-06-09 14:54 3,361,722 ac------ c:\documents and settings\christine schaefer\neoteris_read_26138490.reg
2007-03-07 22:18 3,359,686 ac------ c:\documents and settings\christine schaefer\neoteris_read_24223536.reg
2007-01-29 19:34 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_8703610.reg
2007-01-23 21:12 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_12606779.reg
2007-01-11 22:05 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_17547166.reg
2007-01-11 21:53 3,311,116 ac------ c:\documents and settings\christine schaefer\neoteris_read_26675936.reg
2009-01-27 20:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012720090128\index.dat

============= FINISH: 0:13:59.65 ===============
Attached File(s)
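The two DDS logs in posts #9 and #11 differ in only a handful of lines (the COMODO firewall line flips from *enabled* to *disabled*, a DPF entry for the ESET scanner control appears, and the PC Tools engine shows up under SERVICES / DRIVERS), and spotting those differences by eye is the comparison a helper makes between runs. The following is an added example, not code from the thread or from the DDS tool, that pulls those comparable fields out of a DDS log and diffs two runs. LOG_BEFORE and LOG_AFTER are constructed excerpts that mirror the two posted logs, not the full logs, and the function names are this example's own.

```python
"""Pull the comparable fields out of two DDS logs and report what changed.

Added example, not from the thread or the DDS tool.  LOG_BEFORE and
LOG_AFTER are constructed excerpts mirroring the posted logs in posts #9
and #11; the field selection (AV/FW state, proxy, Run/DPF entries,
services, orphaned "No File" entries) is this example's own choice.
"""
import re

LOG_BEFORE = r"""
AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyServer = sas.ne2.attbb.net:8000
uInternet Settings,ProxyOverride = *.ne2.attbb.net
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
============= SERVICES / DRIVERS ===============
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-2-9 692496]
"""

LOG_AFTER = r"""
AV: PC Tools AntiVirus 5.0.1.1 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyServer = sas.ne2.attbb.net:8000
uInternet Settings,ProxyOverride = *.ne2.attbb.net
TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
============= SERVICES / DRIVERS ===============
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-2-9 692496]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-1-23 999640]
"""

# DDS service/driver lines start with a run state (R = running, S = stopped)
# and a start-type digit, e.g. "R2 cmdAgent;...".
SERVICE_RE = re.compile(r"^[RS]\d ")


def parse_dds(text: str) -> dict:
    """Extract the fields worth comparing between two DDS runs."""
    info = {
        "av": None, "av_on_access": None, "fw": None, "fw_enabled": None,
        "proxy": None, "run": [], "dpf": [], "orphans": [], "services": [],
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section banners
        if line.startswith("AV: "):
            info["av"] = line[4:].split(" {")[0]
            info["av_on_access"] = "*On-access scanning disabled*" not in line
        elif line.startswith("FW: "):
            info["fw"] = line[4:].split(" {")[0]
            info["fw_enabled"] = "*enabled*" in line
        elif line.startswith("uInternet Settings,ProxyServer"):
            info["proxy"] = line.split("=", 1)[1].strip()
        elif line.startswith(("uRun:", "mRun:")):
            info["run"].append(line)
        elif line.startswith("DPF:"):
            info["dpf"].append(line)
        elif SERVICE_RE.match(line):
            info["services"].append(line.split(";")[0])  # e.g. "R2 PCTAVSvc"
        if line.endswith("- No File"):
            info["orphans"].append(line)  # registry entry whose file is gone
    return info


def diff_dds(before: dict, after: dict) -> list:
    """Describe what changed between two parsed runs, one line per change."""
    changes = []
    for key in ("fw_enabled", "av_on_access", "proxy"):
        if before[key] != after[key]:
            changes.append(f"{key}: {before[key]} -> {after[key]}")
    for key in ("run", "dpf", "services"):
        for entry in after[key]:
            if entry not in before[key]:
                changes.append(f"new {key}: {entry}")
        for entry in before[key]:
            if entry not in after[key]:
                changes.append(f"removed {key}: {entry}")
    return changes


def review_flags(info: dict) -> list:
    """Points a helper would question in one log, independent of any diff."""
    flags = []
    if info["av_on_access"] is False:
        flags.append("AV on-access scanning is disabled")
    if info["fw_enabled"] is False:
        flags.append("firewall is disabled")
    if info["proxy"]:
        flags.append(f"browser proxy configured: {info['proxy']}")
    for orphan in info["orphans"]:
        flags.append(f"orphaned entry: {orphan}")
    return flags


if __name__ == "__main__":
    before, after = parse_dds(LOG_BEFORE), parse_dds(LOG_AFTER)
    for line in review_flags(after) + diff_dds(before, after):
        print(line)
```

Run on the excerpts it reports the firewall state change, the new ESET DPF entry and the new PCTAVSvc service, plus the standing flags (on-access scanning off, a proxy set, an orphaned toolbar CLSID). A proxy or a DPF entry is not evidence of infection on its own; the point of the diff is to surface what changed between runs so the helper checks those lines first.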
Jun 24 2009, 09:08 AM, Post #12, Extremeboy (Malware Removal Staff, Posts: 527, OS: Windows XP)
Hello.

How is your computer running at the moment? Any problems/issues? The logs look fine. If all is well, we can wrap up and clean up next post.

With Regards,
Extremeboy
Jun 24 2009, 06:05 PM, Post #13, Dougier (Member, Posts: 18, OS: XP)
Hi,

Thank you for looking over the logs and asking about the current performance. I don't see anything which raises a red flag. At start up, it takes a while for the desktop to open, but I'm beginning to think this is because of either the screen saver or the number of programs running at start up. I'll have to figure out which programs are really needed to run at start up and stop all the others.

I'm ready for your wrap up/clean up instructions.

Kind Regards,
Dougier
Jun 25 2009, 08:27 PM
Post #14
Malware Removal Staff Posts: 527 OS: Windows XP
Hello.
Before I give my final speech, see if this helps at all. I was going to include this in my final speech, but would like to let you use it, and if you have any problems/questions you can ask, so try it out and let me know how it goes.
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.
With Regards,
Extremeboy
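The auto-start review that StartupLite performs can also be done by hand, which is useful for seeing exactly what launches at logon before anything is disabled. The PowerShell script below is an added example written for this page; it is not code from the thread and not StartupLite's own code. It reads the per-machine and per-user Run/RunOnce keys and both Startup folders, changes nothing, and works in PowerShell 2.0 on Windows XP and later. The "CHECK" column comes from a path heuristic assumed here (commands launched from profile, temp or unusual Windows subfolders are worth a second look), not from anything stated in the post.

```powershell
# Added example, not from the thread and not StartupLite's own code:
# enumerate the common Windows auto-start locations read-only.
# Run from an administrator PowerShell prompt; nothing is modified.

function Get-AutoStartEntry {
    $entries = @()

    # Run / RunOnce keys for the machine and for the current user
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Metadata properties that Get-ItemProperty adds to every result
    $psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            $entries += New-Object PSObject -Property @{
                Location = $key
                Name     = $p.Name
                Command  = [string]$p.Value
            }
        }
    }

    # Startup folders, resolved from the Shell Folders registry values so the
    # paths are correct on XP (Documents and Settings) and on later versions
    $shell = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    $folders = @(
        (Get-ItemProperty "HKLM:\$shell").'Common Startup',
        (Get-ItemProperty "HKCU:\$shell").Startup
    )
    foreach ($dir in $folders) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        $files = Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer }
        foreach ($f in $files) {
            $entries += New-Object PSObject -Property @{
                Location = $dir
                Name     = $f.Name
                Command  = $f.FullName
            }
        }
    }
    return $entries
}

function Test-SuspiciousPath {
    param([string]$Command)
    # Assumed heuristic for this example: auto-start commands living in the
    # user profile, a temp directory, or a non-system32 subfolder of the
    # Windows directory deserve a closer look; legitimate startup items
    # usually live under Program Files or system32.
    $c = $Command.ToLower()
    return ($c -match 'application data' -or $c -match 'local settings' -or
            $c -match 'appdata' -or $c -match '\\temp\\' -or
            $c -match '\\windows\\(?!system32\\)[^\\]+\\')
}

Get-AutoStartEntry |
    Select-Object Name, Location, Command,
        @{ Name = 'Review'; Expression = { if (Test-SuspiciousPath $_.Command) { 'CHECK' } else { '' } } } |
    Format-Table -AutoSize
```

A "CHECK" flag is a prompt to look at the file, not a verdict: confirm the publisher and path of anything flagged before removing it, and note that this listing covers only the Run/RunOnce keys and Startup folders, not services, scheduled tasks or browser helper objects.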
Jun 26 2009, 01:54 PM
Post #15
Member Posts: 18 OS: XP
Thank You for the links to StartupLite and the how to clean the computer from Bleeping Computer. I found that I can disable/delete start-up programs from my CCleaner program. To save memory, I'll try out CCleaner to disable programs at start up.
I also saved the Bleeping Computer link to my favorites to refer back to.
Awaiting your next command.
I have noticed that PCTools Antivirus occasionally will not start and I need to reboot, and more often than not, COMODO firewall shows "COMODO application agent is not running". When I run diagnostics, COMODO says "The diagnostics utility did not find any problems with your installation". After clean-up, if I'm having the same problems, I will just uninstall and then re-install.
Have a nice weekend if I don't hear back from you.
Regards,
Dougier
This post has been edited by dougier: Jun 28 2009, 06:43 AM
© Geeks to Go, Inc.