
browser redirect [Solved]


#1 TacticalMonkey
I have a redirect issue occurring for both firefox and IE, and each of the search engines I've tried. The inquiry search works fine, but clicking on a result link redirects to a number of different sites. Using a bookmark, typing a URL, or navigating within sites does not cause hijack redirects.

I'd appreciate any help. I've read threads on the problem, but don't really know enough to figure out which would be the best path to follow to fix it.

I've run Norton, MalwareBytes, SUPERantispyware, and Ad-aware. No results for infection or problem files since the first run with MBAM.

I've attached the logs requested in the starter thread.

I've attached the log from MBAM for the first run after I had the problem, and the most recent.

Following logs attached:

MBAM #1, MBAM #2, OTL logs, and RootRepeal.

Thanks again!

-----------------

MBAM #1

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/27/2009 7:05:51 PM
mbam-log-2009-07-27 (19-05-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 152375
Time elapsed: 27 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 30

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\agm6desktop\Apps\AA708\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\ACG\acginstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\ACG\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\ApvIT\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\ApvIT\ApproveIT.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\Banner\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\Flash\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\MCAFEE8\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\MCAFEE8\McDefs\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\NS55SP1\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\OFFICE\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\PEV65\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\qt7\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\qt7\QuickTime_Install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\SAV10\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\SAV10\SAVDefs\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\SunJRE\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\SunJRE\JREInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\TW\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\TW\TWInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\V\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\WinZip\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\WinZip\WinZipInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Apps\WM10\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Support\Hotfix\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Support\MSNET2.0\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Support\Security\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Support\setadminpw\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\agm6desktop\Support\setxguestpw\AGMInst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{7ca2813e-2a0f-45ec-993e-5b286fa5f85e}\RP344\A0050513.exe (Rogue.Installer) -> Quarantined and deleted successfully.

--------------------------

MBAM #2


Malwarebytes' Anti-Malware 1.39
Database version: 2547
Windows 5.1.2600 Service Pack 2

8/2/2009 10:36:10 AM
mbam-log-2009-08-02 (10-36-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154584
Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------

OTL

OTL logfile created on: 8/2/2009 9:59:35 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\edrie.kelly\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 411.44 Mb Available Physical Memory | 40.26% Memory free
2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.54% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.85 Gb Total Space | 18.36 Gb Free Space | 32.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MPC-FEC0D47CCF7
Current User Name: ICIUSER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/03/08 22:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/12/28 11:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 11:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/07/13 09:10:00 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2005/09/19 15:56:06 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2003/05/21 02:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2008/11/22 12:29:31 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/01/02 13:23:52 | 00,110,592 | ---- | M] () -- C:\MPC\jetty\NMWebSrv.exe
PRC - [2003/05/21 02:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/30 12:10:14 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\Omniserv.exe
PRC - [2005/12/28 11:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/06/24 16:18:08 | 00,139,264 | ---- | M] (SyAM Software, Inc.) -- C:\MPC\system_monitor\agent\smaagent.exe
PRC - [2003/10/17 22:21:36 | 00,024,673 | ---- | M] () -- C:\MPC\java\bin\java.exe
PRC - [2005/11/30 11:17:30 | 00,014,848 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2004/08/03 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 02:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 02:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/08/03 23:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2006/03/08 22:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/08/03 23:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/11/14 16:00:14 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/08/17 10:37:00 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/12/07 14:44:16 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/30 12:10:58 | 01,843,200 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe
PRC - [2005/12/28 11:55:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/02/20 17:14:58 | 08,650,752 | ---- | M] (SAMSUNG) -- C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
PRC - [2006/04/11 17:09:00 | 00,368,640 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
PRC - [2005/12/28 12:00:56 | 00,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005/12/28 11:56:16 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2003/05/21 02:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2008/11/22 12:29:31 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 09:10:00 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/08/21 16:06:36 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/28 22:46:32 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2005/12/28 11:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2003/05/15 02:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2006/06/22 15:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2009/07/25 10:20:46 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/02 09:58:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edrie.kelly\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/08 22:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/09/19 15:56:06 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2003/05/21 02:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2005/12/28 11:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2009/02/07 09:28:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c96659d3874570 [Auto | Stopped])
SRV - [2009/03/24 09:10:21 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/03 23:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/11/22 12:29:31 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/13 09:10:00 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2004/01/02 13:23:52 | 00,110,592 | ---- | M] () -- C:\MPC\jetty\NMWebSrv.exe -- (NMWebSrv [Auto | Running])
SRV - [2003/05/21 02:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2005/11/30 12:10:14 | 00,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\Omniserv.exe -- (omniserv [Auto | Running])
SRV - [2006/01/12 02:15:44 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/12/28 11:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/12/28 11:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006/06/24 16:18:08 | 00,139,264 | ---- | M] (SyAM Software, Inc.) -- C:\MPC\system_monitor\agent\smaagent.exe -- (SMAgent [Auto | Running])
SRV - [2007/01/23 13:39:04 | 00,368,640 | ---- | M] (RealVNC Ltd.) -- C:\MPC\system_monitor\agent\winvnc.exe -- (winvnc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/22 12:29:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/25 10:20:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/25 10:20:52 | 00,000,000 | ---D | M]

[2008/09/07 08:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\mozilla\Extensions
[2008/09/07 08:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/29 23:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\mozilla\Firefox\Profiles\qws8wp0z.default\extensions
[2009/02/07 10:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\mozilla\Firefox\Profiles\qws8wp0z.default\extensions\[email protected]
[2009/07/29 23:50:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/25 10:20:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/22 12:29:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/07/25 10:20:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/25 10:20:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/22 12:29:31 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/25 10:20:47 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/01/18 13:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/02/07 10:24:48 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/07 10:24:48 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/07 10:24:48 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/07 10:24:48 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/07 10:24:48 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/07 10:24:48 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/07 10:24:48 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe (SAMSUNG)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Remote Console] C:\MPC\system_monitor\agent\winvnc.exe (RealVNC Ltd.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\edrie.kelly\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\opxpgina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/23 12:36:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a916ff4-ef17-11dd-a96b-0019d22df4b4}\Shell - "" = AutoRun
O33 - MountPoints2\{5a916ff4-ef17-11dd-a96b-0019d22df4b4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a916ff4-ef17-11dd-a96b-0019d22df4b4}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{852604df-b6e6-11db-a7b3-0019d22df4b4}\Shell - "" = AutoRun
O33 - MountPoints2\{852604df-b6e6-11db-a7b3-0019d22df4b4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{852604df-b6e6-11db-a7b3-0019d22df4b4}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 14 Days ==========

[1 C:\Documents and Settings\edrie.kelly\Desktop\*.tmp files]
[2009/08/02 09:58:38 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\edrie.kelly\Desktop\OTL.exe
[2009/08/02 09:55:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/02 09:54:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\NTREGOPT.lnk
[2009/08/02 09:54:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\ERUNT.lnk
[2009/08/02 09:54:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/02 09:52:29 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\edrie.kelly\Desktop\erunt_setup.exe
[2009/08/02 09:50:57 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\edrie.kelly\Desktop\SysRestorePoint.exe
[2009/08/02 09:42:04 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\edrie.kelly\Desktop\TFC.exe
[2009/07/30 22:21:38 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\ContextDraftSubmit_YTC.doc
[2009/07/30 21:47:27 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\~$ntext_Submttal_Memorandum.doc
[2009/07/30 21:47:11 | 04,530,247 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\Protohistoric_Context_for_YTC_2009.pdf
[2009/07/30 20:43:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edrie.kelly\Desktop\CONTEXT_PDF
[2009/07/30 20:36:32 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\Context_Submttal_Memorandum.doc
[2009/07/29 18:02:53 | 01,888,781 | ---- | C] () -- C:\tribes.ai
[2009/07/27 21:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/27 21:10:02 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/27 21:09:59 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/27 21:09:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edrie.kelly\Application Data\SUPERAntiSpyware.com
[2009/07/27 21:07:17 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\settings.dat
[2009/07/27 21:07:06 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\edrie.kelly\Desktop\RootRepeal.exe
[2009/07/27 21:00:41 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/07/27 20:59:59 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/07/27 18:31:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/27 12:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edrie.kelly\Desktop\ContextBackup27JulLunch
[2009/07/25 17:07:50 | 13,221,7318 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\Overpowered.zip
[2009/07/25 16:43:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edrie.kelly\Desktop\Ruby Blue
[2009/07/23 06:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edrie.kelly\Desktop\JumpBackupJul23
[2009/07/22 16:21:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edrie.kelly\Desktop\Chubby Checker - The Best Of - Cameo-Parkway - 1959-1963
[2009/07/22 14:52:36 | 04,410,755 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\the cisco kid ; war.mp3
[2009/07/22 11:27:26 | 07,819,229 | ---- | C] () -- C:\Documents and Settings\edrie.kelly\Desktop\Narrative_of_a_voyage_to_the_northwest_c.pdf
[2009/07/20 18:48:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edrie.kelly\Local Settings\Application Data\Temp

========== Files - Modified Within 14 Days ==========

[1 C:\Documents and Settings\edrie.kelly\Desktop\*.tmp files]
[2009/08/02 09:58:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edrie.kelly\Desktop\OTL.exe
[2009/08/02 09:54:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\NTREGOPT.lnk
[2009/08/02 09:54:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\ERUNT.lnk
[2009/08/02 09:52:30 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\edrie.kelly\Desktop\erunt_setup.exe
[2009/08/02 09:52:05 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/02 09:50:57 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\edrie.kelly\Desktop\SysRestorePoint.exe
[2009/08/02 09:48:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/02 09:45:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/02 09:45:49 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/02 09:44:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/02 09:43:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/02 09:42:04 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edrie.kelly\Desktop\TFC.exe
[2009/07/31 11:15:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/31 11:06:40 | 00,223,744 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/30 22:36:21 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\Context_Submttal_Memorandum.doc
[2009/07/30 22:33:42 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\ContextDraftSubmit_YTC.doc
[2009/07/30 21:51:11 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\~$ntext_Submttal_Memorandum.doc
[2009/07/30 21:46:48 | 04,530,247 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\Protohistoric_Context_for_YTC_2009.pdf
[2009/07/29 23:01:01 | 00,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/29 18:02:54 | 01,888,781 | ---- | M] () -- C:\tribes.ai
[2009/07/27 21:10:02 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/27 21:09:24 | 00,000,014 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\settings.dat
[2009/07/25 17:47:16 | 13,221,7318 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\Overpowered.zip
[2009/07/22 14:56:12 | 04,410,755 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\the cisco kid ; war.mp3
[2009/07/22 11:28:25 | 07,819,229 | ---- | M] () -- C:\Documents and Settings\edrie.kelly\Desktop\Narrative_of_a_voyage_to_the_northwest_c.pdf
[2009/07/20 18:48:45 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== LOP Check ==========

[2009/07/27 21:10:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/12 09:08:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2007/01/23 13:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/07/27 21:09:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\edrie.kelly\Application Data
[2007/01/23 13:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\ATI
[2008/11/17 10:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\Canon
[2007/01/23 13:47:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\Intel
[2007/01/24 09:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\InterVideo
[2009/02/11 13:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\Move Networks
[2007/12/01 16:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\Snapfish
[2009/01/23 20:03:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\Southwest Airlines
[2009/05/20 15:09:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\edrie.kelly\Application Data\U3
[2009/07/13 09:10:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/03 23:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/02 09:52:05 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/08/02 09:45:49 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/02 09:48:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/02 09:44:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


---------------------
---------------------



OTL extras

OTL Extras logfile created on: 8/2/2009 9:59:35 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\edrie.kelly\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 411.44 Mb Available Physical Memory | 40.26% Memory free
2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.54% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.85 Gb Total Space | 18.36 Gb Free Space | 32.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MPC-FEC0D47CCF7
Current User Name: ICIUSER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3894:UDP" = 3894:UDP:*:Enabled:MPC-Notebook-System-Manager-Agent-3894
"3930:TCP" = 3930:TCP:*:Enabled:MPC-Notebook-System-Manager-Web-Server-3930
"5800:TCP" = 5800:TCP:*:Enabled:MPC-Notebook-System-Manager-Remote-console-5800
"5900:TCP" = 5900:TCP:*:Enabled:MPC-Notebook-System-Manager-Remote-console-5900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01381BB8-2ABB-40CE-988F-49DBF392FE7D}" = MPC Notebook System Manager 3.11
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C025015-D17E-4A74-B54F-7FE76D560023}" = BDI 6.0
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{27F7494A-5521-4C95-959C-CD4B4D65FCEA}" = ATI Catalyst Control Center
"{34D6EED8-7650-4E1C-BC26-F5B2DDE185C6}" = OverDrive Media Console
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10.0.3
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD041E8E-51AD-437B-A36E-5475BD1ED49A}" = Fingerprint Sensor Minimum Install
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"ATI Display Driver" = ATI Display Driver
"Caesar 3" = Caesar 3
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"CleanUp!" = CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"FLV Player" = FLV Player 2.0, build 24
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"PokerStars" = PokerStars
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"ReportXtender Viewer 5.2" = ReportXtender Viewer 5.2
"SPSS for Windows Student Version 8.0.0" = SPSS 8.0 for Windows Student Version
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Transport T2400 Reference Manual" = Transport T2400 Reference Manual
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 7/13/2009 11:33:44 AM | Computer Name = MPC-FEC0D47CCF7 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 7/15/2009 2:28:47 PM | Computer Name = MPC-FEC0D47CCF7 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.199 on
the Network Card with network address 0019D22DF4B4.

Error - 7/21/2009 12:46:12 PM | Computer Name = MPC-FEC0D47CCF7 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 7/27/2009 9:35:17 PM | Computer Name = MPC-FEC0D47CCF7 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 0a06001e, parameter2 00000002, parameter3
00000000, parameter4 804f458c.

Error - 7/29/2009 1:46:38 AM | Computer Name = MPC-FEC0D47CCF7 | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 7/31/2009 1:43:30 PM | Computer Name = MPC-FEC0D47CCF7 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10106

Error - 8/1/2009 12:47:50 PM | Computer Name = MPC-FEC0D47CCF7 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10106

Error - 8/1/2009 12:47:50 PM | Computer Name = MPC-FEC0D47CCF7 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952506

Error - 8/1/2009 12:47:55 PM | Computer Name = MPC-FEC0D47CCF7 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506 (0x8007277A).

Error - 8/1/2009 12:48:23 PM | Computer Name = MPC-FEC0D47CCF7 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.


< End of report >

-----------------------
-----------------------


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/02 09:57
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7664000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7515000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF7A60000 Size: 11648 File Visible: - Signed: -
Status: -

Name: ADIHdAud.sys
Image Path: C:\WINDOWS\system32\drivers\ADIHdAud.sys
Address: 0xEEA36000 Size: 155648 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF7496000 Size: 101888 File Visible: - Signed: -
Status: -

Name: AEAudio.sys
Image Path: C:\WINDOWS\system32\drivers\AEAudio.sys
Address: 0xEE9EE000 Size: 152960 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF78E4000 Size: 19232 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEDA56000 Size: 138368 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xEE8DB000 Size: 1123136 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xF7B4C000 Size: 5248 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF7784000 Size: 60800 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF74AF000 Size: 95360 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA17000 Size: 258048 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000 Size: 270336 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF700E000 Size: 1564672 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA8C000 Size: 2637824 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBFA56000 Size: 221184 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFD10000 Size: 864256 File Visible: - Signed: -
Status: -

Name: ATSwpDrv.sys
Image Path: C:\WINDOWS\System32\Drivers\ATSwpDrv.sys
Address: 0xED951000 Size: 117824 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7D46000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF7A5C000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B74000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7A54000 Size: 12288 File Visible: - Signed: -
Status: -

Name: btkrnl.sys
Image Path: C:\WINDOWS\system32\DRIVERS\btkrnl.sys
Address: 0xF6C36000 Size: 1326976 File Visible: - Signed: -
Status: -

Name: btserial.sys
Image Path: C:\WINDOWS\system32\drivers\btserial.sys
Address: 0xF7924000 Size: 22432 File Visible: - Signed: -
Status: -

Name: btslbcsp.sys
Image Path: C:\WINDOWS\system32\drivers\btslbcsp.sys
Address: 0xEB42A000 Size: 203072 File Visible: - Signed: -
Status: -

Name: btwusb.sys
Image Path: C:\WINDOWS\System32\Drivers\btwusb.sys
Address: 0xF7754000 Size: 54336 File Visible: - Signed: -
Status: -

Name: caniodrvr.sys
Image Path: C:\MPC\system_monitor\agent\drivers\caniodrvr.sys
Address: 0xF7D67000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF6C0F000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7844000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF76A4000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF7B08000 Size: 14080 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7A58000 Size: 9344 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7694000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76F4000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED939000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BAA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xEDC2B000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7C5D000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xF6FA9000 Size: 176640 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7794000 Size: 34944 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF745F000 Size: 124800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B72000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74C7000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E2000 Size: 134272 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6FD5000 Size: 151552 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF7734000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF79A4000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF7AF8000 Size: 9600 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xBAE91000 Size: 263040 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7824000 Size: 52736 File Visible: - Signed: -
Status: -

Name: IFXTPM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
Address: 0xF7804000 Size: 36352 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7834000 Size: 41856 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7B48000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF77D4000 Size: 36096 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xEDA78000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xEDB19000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7644000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF795C000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7B44000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEE2AC000 Size: 171776 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6D7A000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7436000 Size: 92032 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF76B4000 Size: 57472 File Visible: - Signed: -
Status: -

Name: MEMIO.SYS
Image Path: C:\WINDOWS\system32\MEMIO.SYS
Address: 0xF7D08000 Size: 2208 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B76000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7994000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7964000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF6AC1000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7674000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xEB4AC000 Size: 181248 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xED996000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF79C4000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7894000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7B3C000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7361000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NAVAP.sys
Image Path: C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
Address: 0xEE708000 Size: 253952 File Visible: - Signed: -
Status: -

Name: NAVAPEL.SYS
Image Path: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
Address: 0xEB261000 Size: 69632 File Visible: - Signed: -
Status: -

Name: NAVENG.sys
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090731.004\NAVENG.sys
Address: 0xEE61E000 Size: 82400 File Visible: - Signed: -
Status: -

Name: NAVEX15.sys
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090731.004\NAVEX15.sys
Address: 0xEE633000 Size: 870240 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF737C000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7B20000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xEB719000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6C1F000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF78B4000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7764000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xEDA99000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF77E4000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF79CC000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF73A9000 Size: 574592 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CCB000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7654000 Size: 61056 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7C0D000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF78CC000 Size: 18688 File Visible: - Signed: -
Status: -

Name: pavboot.sys
Image Path: pavboot.sys
Address: 0xF78D4000 Size: 21888 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7504000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7C0C000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF78C4000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF74E6000 Size: 119936 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xEEA14000 Size: 139264 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6B6E000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7974000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF6AE5000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7864000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7874000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7884000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF797C000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xEDA05000 Size: 176512 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B78000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF6B3D000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7854000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rimmptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
Address: 0xF7954000 Size: 28672 File Visible: - Signed: -
Status: -

Name: rimsptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
Address: 0xF77F4000 Size: 50560 File Visible: - Signed: -
Status: -

Name: rixdptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
Address: 0xF6DCC000 Size: 307968 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA9B1000 Size: 49152 File Visible: No Signed: -
Status: -

Name: s24trans.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xEB875000 Size: 13568 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF79D4000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xF7A24000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xEDA31000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF747E000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xF6E18000 Size: 67584 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7B18000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF7814000 Size: 64896 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF744D000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEB20F000 Size: 333184 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7B68000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: C:\Program Files\Symantec\SYMEVENT.SYS
Address: 0xEE746000 Size: 68192 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF6D9D000 Size: 191936 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEB177000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xEDAC1000 Size: 360320 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF796C000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF78A4000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6B09000 Size: 209408 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B66000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF794C000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7724000 Size: 57600 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6E29000 Size: 143360 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7944000 Size: 20480 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF79BC000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7B4A000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6FFA000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7684000 Size: 52352 File Visible: - Signed: -
Status: -

Name: w39n51.sys
Image Path: C:\WINDOWS\system32\DRIVERS\w39n51.sys
Address: 0xF6E4C000 Size: 1428096 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7774000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7A04000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEE2F9000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7B46000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -
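The RootRepeal driver listing above runs to well over a hundred near-identical records, and the two fields that matter for rootkit triage (File Visible and Status) are easy to miss by eye. The script below is an added example written for this thread; it is not part of RootRepeal or of the original post. It parses records in the format shown above and groups the ones a malware-removal helper would look at first: drivers hidden from the file system, drivers with a non-empty Status remark, and drivers loaded from outside the Windows and Program Files trees. Kernel-internal objects such as \Driver\PnpManager, which share the kernel's base address, are reported separately so they do not trip a duplicate-address or odd-path check. In the sample input, the first three records are copied from the listing above; the zzdrv.sys record and its Status text are constructed to exercise the checks.

```python
"""Triage a RootRepeal 'Drivers' listing (the format posted above).

Added example for this thread; not part of RootRepeal or of the original
post. It parses Name / Image Path / Address ... / Status records and flags
the entries a malware-removal helper would look at first:
  * File Visible: No       -- loaded in memory but hidden from the file system
  * Status other than '-'  -- RootRepeal attached a remark to the entry
  * image path outside the Windows and Program Files trees
Kernel-internal objects (\Driver\..., \FileSystem\...) are reported
separately: they share the kernel's base address and are not files on disk.
"""
import re
from dataclasses import dataclass

DETAIL_RE = re.compile(
    r"Address:\s*(?P<addr>0x[0-9A-Fa-f]+)\s+Size:\s*(?P<size>\d+)\s+"
    r"File Visible:\s*(?P<visible>\S+)\s+Signed:\s*(?P<signed>\S+)"
)

# Where a legitimately installed driver is expected to live (compared lower-cased).
# Bare names such as 'Ntfs.sys' are boot-start drivers from system32\drivers.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Driver:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: str
    signed: str
    status: str

    @property
    def kernel_object(self) -> bool:
        # \Driver\PnpManager, \FileSystem\RAW, \Driver\WMIxWDM ... report the
        # kernel image's own base and size; they are not files on disk.
        return self.image_path.startswith("\\")


def parse_drivers(text: str) -> list:
    """Split the listing on blank lines and build one Driver per record."""
    drivers = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        m = DETAIL_RE.search(block)
        if "Name" not in fields or m is None:
            continue  # header or truncated block, not a driver record
        drivers.append(Driver(
            name=fields["Name"],
            image_path=fields.get("Image Path", ""),
            address=int(m["addr"], 16),
            size=int(m["size"]),
            file_visible=m["visible"],
            signed=m["signed"],
            status=fields.get("Status", "-"),
        ))
    return drivers


def triage(drivers) -> dict:
    """Return the entries worth a second look, grouped by reason."""
    findings = {"hidden": [], "status": [], "unexpected_path": [], "kernel_objects": []}
    for d in drivers:
        if d.kernel_object:
            findings["kernel_objects"].append(d.name)
            continue
        if d.file_visible.lower() == "no":
            findings["hidden"].append(d.name)
        if d.status != "-":
            findings["status"].append(f"{d.name}: {d.status}")
        path = d.image_path.lower()
        # A bare file name (no backslash) is loaded from system32\drivers; only
        # fully qualified paths outside the expected trees are flagged.
        if "\\" in path and not path.startswith(EXPECTED_PREFIXES):
            findings["unexpected_path"].append(d.image_path)
    return findings


# Constructed sample: the first three records are copied from the listing
# above; zzdrv.sys and its Status text are made up to exercise the checks.
SAMPLE = r"""
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF73A9000 Size: 574592 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA9B1000 Size: 49152 File Visible: No Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: zzdrv.sys
Image Path: C:\Documents and Settings\user\Local Settings\Temp\zzdrv.sys
Address: 0xEB000000 Size: 20480 File Visible: No Signed: -
Status: Hidden from the Windows API!
"""

if __name__ == "__main__":
    for reason, names in triage(parse_drivers(SAMPLE)).items():
        print(f"{reason}: {names}")
```

Two caveats when reading the real listing with this. The only File Visible: No entry in the log above is rootrepeal.sys, the scanner's own driver; RootRepeal logs routinely show it that way, so it is the one hidden entry a helper discounts. And Signed: - is what this listing reports for every driver, so "-" there means the field was not evaluated, not that the driver is unsigned.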


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
TacticalMonkey

TacticalMonkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi -thanks for the help.

I ran ComboFix (log posted below). On the second restart, I had a new script load error: "'BtnApply' didn't load, from source res://C:\Program Files\OmniPass\scureapp.exe/index".

Here's the log:

ComboFix 09-08-02.04 - ICIUSER 08/03/2009 6:31.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.643 [GMT -7:00]
Running from: c:\documents and settings\edrie.kelly\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1960408961-861567501-725345543-500
c:\windows\Installer\3461ab.msp
c:\windows\Installer\3f3b8.msp
c:\windows\Installer\3f41e.msp

.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-02 16:54 . 2009-08-02 16:54 -------- d-----w- c:\program files\ERUNT
2009-07-28 04:10 . 2009-08-03 13:43 117760 ----a-w- c:\documents and settings\edrie.kelly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-28 04:10 . 2009-07-28 04:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-28 04:09 . 2009-07-29 05:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-28 04:09 . 2009-07-28 04:09 -------- d-----w- c:\documents and settings\edrie.kelly\Application Data\SUPERAntiSpyware.com
2009-07-28 04:00 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-28 03:59 . 2009-07-28 03:59 -------- d-----w- c:\program files\Panda Security
2009-07-21 01:48 . 2009-07-21 01:48 -------- d-----w- c:\documents and settings\edrie.kelly\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 19:45 . 2008-12-25 06:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-31 04:01 . 2007-02-06 16:24 -------- d-----w- c:\documents and settings\edrie.kelly\Application Data\AdobeUM
2009-07-28 04:09 . 2009-01-24 03:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 01:31 . 2008-11-22 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:36 . 2008-11-22 17:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-11-22 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 16:12 . 1980-01-01 00:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 1980-01-01 00:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 1980-01-01 00:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:55 . 1980-01-01 00:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 1980-01-01 00:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 22:24 . 2009-05-26 22:38 -------- d-----w- c:\documents and settings\edrie.kelly\Application Data\vlc
2009-06-15 16:11 . 2009-05-12 16:26 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-03 19:27 . 1980-01-01 00:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-12 16:16 . 2009-05-12 16:09 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-07 15:44 . 1980-01-01 00:00 344064 ----a-w- c:\windows\system32\localspl.dll
2008-01-28 05:02 . 2009-05-26 22:32 4333568 ----a-w- c:\program files\mplayerc09.exe
2006-03-20 22:37 . 2007-10-29 22:51 5689344 ----a-w- c:\program files\mplayerc.exe
2009-07-25 17:20 . 2008-09-07 15:02 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2005-11-30 1843200]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DisplayManager"="c:\program files\Samsung\DisplayManager\DMLoader.exe" [2005-11-16 356352]
"Remote Console"="c:\mpc\system_monitor\agent\winvnc.exe" [2007-01-23 368640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-22 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-10 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-11-14 88203]

c:\documents and settings\edrie.kelly\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-1 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-11-30 18:23 49152 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3894:UDP"= 3894:UDP:MPC-Notebook-System-Manager-Agent-3894
"3930:TCP"= 3930:TCP:MPC-Notebook-System-Manager-Web-Server-3930
"5800:TCP"= 5800:TCP:MPC-Notebook-System-Manager-Remote-console-5800
"5900:TCP"= 5900:TCP:MPC-Notebook-System-Manager-Remote-console-5900

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/12/2009 9:09 AM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/27/2009 9:00 PM 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 caniodrvr;caniodrvr;c:\mpc\system_monitor\agent\drivers\Caniodrvr.sys [8/24/2005 2:47 PM 4096]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/23/2007 1:24 PM 4300]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
R2 NMWebSrv;MPC Notebook System Manager Web Server;c:\mpc\jetty\NMWebSrv.exe -s c:\mpc\jetty\NMWebSrv.conf --> c:\mpc\jetty\NMWebSrv.exe -s c:\mpc\jetty\NMWebSrv.conf [?]
R2 SMAgent;MPC Notebook System Manager Agent;c:\mpc\system_monitor\agent\smaagent.exe NML 0 --> c:\mpc\system_monitor\agent\smaagent.exe NML 0 [?]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 4:19 AM 36352]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S2 gupdate1c96659d3874570;Google Update Service (gupdate1c96659d3874570);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2008 11:27 PM 133104]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\docume~1\EDRIE~1.KEL\APPLIC~1\Mozilla\Firefox\Profiles\qws8wp0z.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\edrie.kelly\Application Data\Mozilla\Firefox\Profiles\qws8wp0z.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 06:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5280)
c:\windows\system32\WININET.dll
c:\program files\Softex\OmniPass\SCUREDLL.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\mpc\jetty\NMWebSrv.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\mpc\system_monitor\agent\smaagent.exe
c:\mpc\java\bin\java.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-08-03 6:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 13:48

Pre-Run: 19,610,431,488 bytes free
Post-Run: 20,054,052,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

188 --- E O F --- 2009-07-28 17:35
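The "Reg Loading Points" section of the ComboFix log above is where a helper looks for what starts with the machine and what the firewall lets in, and its entries come in a handful of fixed line shapes. The script below is an added example written for this thread; it is not part of ComboFix or of the original post. It parses the Run-key entries (both the plain form and the `"file.exe" - resolved\path` form), the Startup-folder .lnk lines, the `R0`/`R2`/`S2` service lines, and the firewall AuthorizedApplications and GloballyOpenPorts values, then lists the items worth a second look: autoruns and services outside the usual program directories, services whose file ComboFix could not resolve (shown as `[?]`), and every port the standard profile opens to all. The sample input is assembled from lines of the log above; nothing in it is invented, and the output is a review list, not a verdict.

```python
"""Pull the review-worthy items out of the 'Reg Loading Points' section of a
ComboFix log such as the one above.

Added example for this thread; not part of ComboFix or of the original post.
Five line shapes are parsed:
  "name"="path" [YYYY-MM-DD size]                  autorun (Run key) entry
  "name"="file.exe" - resolved\path [date size]    same, with the resolved path
  Something.lnk - path [date size]                 Startup-folder shortcut
  Rn svc;display;path [date size]   or   ... [?]   service or driver entry
  "port:PROTO"= port:PROTO:description             firewall GloballyOpenPorts
  "c:\\path\\app.exe"=                             firewall AuthorizedApplications
"""
import re

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+-\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]\s*$'
)
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk)\s+-\s+(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>\S*)')
APP_RE = re.compile(r'^"(?P<app>[^"]+)"=\s*$')
# First executable/driver name in a service command line ("x.exe -s x.conf --> ...").
IMAGE_RE = re.compile(r'^(?P<image>.+?\.(?:exe|sys|dll))', re.IGNORECASE)

# Locations an autorun or service image is expected to live under (compared lower-cased).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%\\")


def parse_loading_points(text: str) -> dict:
    """Return autoruns, firewall exceptions, services and open ports found in the text."""
    parsed = {"autoruns": [], "authorized_apps": [], "services": [], "open_ports": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := PORT_RE.match(line):
            parsed["open_ports"].append((int(m["port"]), m["proto"], m["desc"]))
        elif m := APP_RE.match(line):
            # ComboFix prints these registry values with doubled backslashes.
            parsed["authorized_apps"].append(m["app"].replace("\\\\", "\\"))
        elif m := RUN_RE.match(line):
            parsed["autoruns"].append((m["name"], m["resolved"] or m["value"]))
        elif m := LNK_RE.match(line):
            parsed["autoruns"].append((m["name"], m["path"]))
        elif m := SVC_RE.match(line):
            img = IMAGE_RE.match(m["path"])
            image = img["image"] if img else m["path"]
            parsed["services"].append((m["start"], m["svc"], image, m["meta"]))
    return parsed


def review(parsed: dict) -> list:
    """One line per item a helper would want to look at; not a verdict."""
    flags = []
    for name, image in parsed["autoruns"]:
        if not image.lower().startswith(EXPECTED_PREFIXES):
            flags.append(f"autorun outside program dirs: {name} -> {image}")
    for app in parsed["authorized_apps"]:
        if not app.lower().startswith(EXPECTED_PREFIXES):
            flags.append(f"firewall exception outside program dirs: {app}")
    for start, svc, image, meta in parsed["services"]:
        if meta == "?":
            flags.append(f"service with unresolved file ({start} {svc}): {image}")
        elif not image.lower().startswith(EXPECTED_PREFIXES):
            flags.append(f"service outside program dirs ({start} {svc}): {image}")
    for port, proto, desc in parsed["open_ports"]:
        flags.append(f"inbound {port}/{proto} open in the firewall profile ({desc})")
    return flags


# Sample assembled from lines of the ComboFix log above (nothing invented).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"Remote Console"="c:\mpc\system_monitor\agent\winvnc.exe" [2007-01-23 368640]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-11-14 88203]

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5800:TCP"= 5800:TCP:MPC-Notebook-System-Manager-Remote-console-5800
"5900:TCP"= 5900:TCP:MPC-Notebook-System-Manager-Remote-console-5900

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/12/2009 9:09 AM 64160]
R2 NMWebSrv;MPC Notebook System Manager Web Server;c:\mpc\jetty\NMWebSrv.exe -s c:\mpc\jetty\NMWebSrv.conf --> c:\mpc\jetty\NMWebSrv.exe -s c:\mpc\jetty\NMWebSrv.conf [?]
"""

if __name__ == "__main__":
    for flag in review(parse_loading_points(SAMPLE)):
        print(flag)
```

On the log above this lists the c:\mpc autoruns and services (the OEM's MPC Notebook System Manager, per their own descriptions) and the 5800/5900 TCP remote-console ports the firewall opens to everyone. None of that is a malware finding; it is the short list a helper confirms is intended on a machine whose infection has not yet been located. `[?]` is what ComboFix prints when it cannot resolve the service's file, typically because the ImagePath carries arguments, as the two c:\mpc services do here.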

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Well I don't quite know how that happened.

The real nickynoodles did get the post. :)

My apologies. I will work on your one now. :)

Edited by emeraldnzl, 03 August 2009 - 01:59 PM.


#5
TacticalMonkey

TacticalMonkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hello nickynoodles,



?? Just making sure this was to the correct thread before I proceed. No nickynoodles here. :)

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi TacticalMonkey,

This one is more appropriate for your machine

The other one wouldn't have done any damage, but a bit of a waste of time. :)

Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it.
  • It will automatically remove any infection it finds.
Next

Disable resident protections (Antivirus...); remember to re-enable them after the scan

Download Lop S&D

Double-click Lop S&D.exe (If you are running on Vista you will need to right-click on the file and choose Run As Administrator.)
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#7
TacticalMonkey

TacticalMonkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Machine just got crushed by a virus/trojan.
Pop-ups came on saying the system had identified a virus on the computer, then it shut down and restarted the computer with a new background covered in virus warning text; then a 'security center' opened and ran a bs scan, with a yellow/black chevron in the system tray, which essentially hijacked the computer.
It does run in safe mode, and I'm completing the LopSD scan.

Not sure how to transfer that log when it's done, 'cause I'm not at all comfortable using a jump drive that may infect this computer.

I think I'll also scan with MBAM again in safe mode.

AGHH!

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Machine just got crushed by a virus/trojan.


Not good. :)

Just out of interest.

Had you run GooredFix before this happened?

And yes a Malwarebytes might be helpful.

Like to see that Lop S&D scan.

Let me know how you get on. :)

#9
TacticalMonkey

TacticalMonkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I had tried to run Goored - not sure if it was successful really.

It very quickly opened a text window that had, below the scan run details, two 'results'[?] lines: one was a C: directory line to Firefox extensions, the other is a HKEY_LOCAL_MACHINE line to Firefox extensions with "[email protected]" = "C: Program Files\Java\jre6\lib\deploy\jqs\ff"

MBAM still scanning- - 4 Objects infected so far.

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie, look forward to seeing the logs. :)


#11
TacticalMonkey

TacticalMonkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Back up and running it seems.
MBAM found four objects (log also attached below) - SUPERAntiSpyware, Norton, and Ad-Aware were clean following MBAM. Fingers crossed....

Logs below (GooredFix run in regular mode - LopSD ran in safe mode, if it makes a difference):

------
GooredFix by jpshortstuff (12.07.09)
Log created at 13:13 on 03/08/2009 (ICIUSER)
Firefox version 3.0.12 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:37 15/05/2007]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [19:29 22/11/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:29 22/11/2008]

-=E.O.F=-

----


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU T7200 @ 2.00GHz )
BIOS : Phoenix FirstBIOS™ Notebook Pro Version 2.0 06XM
USER : ICIUSER ( Administrator )
BOOT : Fail-safe boot
C:\ (Local Disk) - NTFS - Total:55 Go (Free:18 Go)
R:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 08/03/2009|13:36 )

--------------------\\ Listing folders in APPLIC~1

[01/23/2007|01:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI
[01/23/2007|12:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[01/23/2007|01:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[01/24/2007|09:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InterVideo
[01/30/2007|03:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[05/12/2009|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[08/03/2009|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 19421874
[02/24/2009|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/09/2009|05:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/02/2009|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[01/23/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[05/12/2009|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[11/22/2008|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[07/14/2008|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/25/2009|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[07/27/2009|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[01/30/2007|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[05/02/2009|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[01/23/2007|01:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI
[01/23/2007|12:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[01/23/2007|01:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel
[01/24/2007|09:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> InterVideo
[01/24/2007|09:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/28/2009|07:02] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Adobe
[07/30/2009|09:01] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> AdobeUM
[01/23/2007|01:00] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> ATI
[11/17/2008|10:37] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Canon
[12/24/2008|11:28] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Google
[03/08/2007|01:27] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Help
[01/23/2007|12:40] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Identities
[01/23/2007|01:47] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Intel
[01/24/2007|09:33] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> InterVideo
[05/15/2007|01:44] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Macromedia
[11/22/2008|10:19] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Malwarebytes
[10/29/2007|03:50] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Media Player Classic
[10/02/2008|11:49] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Microsoft
[02/11/2009|01:29] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Move Networks
[09/07/2008|08:02] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Mozilla
[12/01/2007|04:48] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Snapfish
[01/23/2009|08:03] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Southwest Airlines
[11/22/2008|12:26] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> Sun
[07/27/2009|09:09] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> SUPERAntiSpyware.com
[05/20/2009|03:09] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> U3
[06/15/2009|03:24] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> vlc
[01/31/2008|07:58] C:\DOCUME~1\EDRIE~1.KEL\APPLIC~1\<DIR> WinRAR


[01/30/2007|03:56] C:\DOCUME~1\FTLEWI~1\APPLIC~1\<DIR> Adobe
[01/23/2007|01:00] C:\DOCUME~1\FTLEWI~1\APPLIC~1\<DIR> ATI
[01/23/2007|12:40] C:\DOCUME~1\FTLEWI~1\APPLIC~1\<DIR> Identities
[01/23/2007|01:47] C:\DOCUME~1\FTLEWI~1\APPLIC~1\<DIR> Intel
[01/24/2007|09:33] C:\DOCUME~1\FTLEWI~1\APPLIC~1\<DIR> InterVideo
[02/01/2007|01:52] C:\DOCUME~1\FTLEWI~1\APPLIC~1\<DIR> Microsoft

[06/01/2009|02:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/23/2007|12:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[08/03/2009 12:48 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[08/03/2009 01:21 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[08/03/2009 09:09 AM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[08/03/2009 01:21 PM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[08/03/2009 01:28 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/03/2004 11:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/24/2009|04:00] C:\Program Files\<DIR> Adobe
[01/23/2007|01:59] C:\Program Files\<DIR> Ahead
[01/23/2007|01:04] C:\Program Files\<DIR> Analog Devices
[11/17/2008|10:54] C:\Program Files\<DIR> ArcSoft
[01/23/2007|12:54] C:\Program Files\<DIR> ATI Technologies
[01/23/2007|01:22] C:\Program Files\<DIR> AuthenTec
[01/30/2007|11:24] C:\Program Files\<DIR> BDI
[11/17/2008|10:56] C:\Program Files\<DIR> Caere
[11/17/2008|10:58] C:\Program Files\<DIR> Canon
[01/31/2008|07:30] C:\Program Files\<DIR> Codecs
[08/03/2009|06:36] C:\Program Files\<DIR> Common Files
[01/23/2007|12:33] C:\Program Files\<DIR> ComPlus Applications
[08/02/2009|09:54] C:\Program Files\<DIR> ERUNT
[01/23/2007|01:17] C:\Program Files\<DIR> Fingerprint Sensor
[04/19/2008|02:52] C:\Program Files\<DIR> FLV Player
[02/09/2009|07:11] C:\Program Files\<DIR> Google
[12/01/2007|05:35] C:\Program Files\<DIR> InstallShield Installation Information
[01/23/2007|01:44] C:\Program Files\<DIR> Intel
[07/28/2009|10:35] C:\Program Files\<DIR> Internet Explorer
[01/23/2007|02:15] C:\Program Files\<DIR> InterVideo
[11/22/2008|12:29] C:\Program Files\<DIR> Java
[05/12/2009|09:08] C:\Program Files\<DIR> Lavasoft
[01/23/2007|01:01] C:\Program Files\<DIR> ltmoh
[07/27/2009|06:31] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/23/2007|01:41] C:\Program Files\<DIR> Manual
[11/24/2008|09:54] C:\Program Files\<DIR> Messenger
[01/30/2007|03:07] C:\Program Files\<DIR> Microsoft ActiveSync
[01/23/2007|12:36] C:\Program Files\<DIR> microsoft frontpage
[01/30/2007|03:03] C:\Program Files\<DIR> Microsoft Office
[01/30/2007|03:02] C:\Program Files\<DIR> Microsoft Works
[01/30/2007|02:58] C:\Program Files\<DIR> Microsoft.NET
[01/23/2007|12:34] C:\Program Files\<DIR> Movie Maker
[08/03/2009|01:14] C:\Program Files\<DIR> Mozilla Firefox
[02/05/2007|08:39] C:\Program Files\<DIR> MSN
[01/23/2007|12:32] C:\Program Files\<DIR> MSN Gaming Zone
[11/24/2008|09:50] C:\Program Files\<DIR> MSXML 4.0
[01/23/2007|12:34] C:\Program Files\<DIR> NetMeeting
[03/28/2007|09:49] C:\Program Files\<DIR> Network Stumbler
[02/25/2009|04:50] C:\Program Files\<DIR> NOS
[01/23/2007|12:33] C:\Program Files\<DIR> Online Services
[01/23/2007|12:34] C:\Program Files\<DIR> Outlook Express
[11/30/2008|11:43] C:\Program Files\<DIR> OverDrive Media Console
[07/27/2009|08:59] C:\Program Files\<DIR> Panda Security
[05/19/2009|05:20] C:\Program Files\<DIR> PokerStars
[12/09/2008|07:11] C:\Program Files\<DIR> QuickTime
[01/23/2007|01:27] C:\Program Files\<DIR> SAMSUNG
[03/16/2008|02:02] C:\Program Files\<DIR> Sierra On-Line
[01/23/2007|01:20] C:\Program Files\<DIR> Softex
[01/23/2009|08:02] C:\Program Files\<DIR> Southwest Airlines
[03/17/2008|02:29] C:\Program Files\<DIR> SPSS
[07/28/2009|10:46] C:\Program Files\<DIR> SUPERAntiSpyware
[01/30/2007|12:14] C:\Program Files\<DIR> Symantec
[01/30/2007|12:13] C:\Program Files\<DIR> Symantec_Client_Security
[01/23/2007|01:12] C:\Program Files\<DIR> Synaptics
[01/23/2007|12:40] C:\Program Files\<DIR> Uninstall Information
[04/26/2008|10:05] C:\Program Files\<DIR> uTorrent
[05/26/2009|03:36] C:\Program Files\<DIR> VideoLAN
[01/23/2007|01:33] C:\Program Files\<DIR> WIDCOMM
[05/26/2009|04:12] C:\Program Files\<DIR> Windows Media Connect 2
[05/26/2009|04:12] C:\Program Files\<DIR> Windows Media Player
[01/23/2007|12:32] C:\Program Files\<DIR> Windows NT
[01/23/2007|12:34] C:\Program Files\<DIR> WindowsUpdate
[01/31/2008|07:58] C:\Program Files\<DIR> WinRAR
[01/23/2007|12:36] C:\Program Files\<DIR> xerox
[02/01/2007|04:37] C:\Program Files\<DIR> XtenderSolutions

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/24/2009|03:59] C:\Program Files\Common Files\<DIR> Adobe
[02/24/2009|04:00] C:\Program Files\Common Files\<DIR> Adobe AIR
[01/23/2007|01:59] C:\Program Files\Common Files\<DIR> Ahead
[01/23/2007|12:55] C:\Program Files\Common Files\<DIR> ATI Technologies
[11/17/2008|10:57] C:\Program Files\Common Files\<DIR> Caere
[01/30/2007|03:03] C:\Program Files\Common Files\<DIR> DESIGNER
[01/30/2007|03:59] C:\Program Files\Common Files\<DIR> ESRI
[01/23/2007|01:04] C:\Program Files\Common Files\<DIR> InstallShield
[01/30/2007|03:10] C:\Program Files\Common Files\<DIR> L&H
[01/30/2007|03:11] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/23/2007|12:34] C:\Program Files\Common Files\<DIR> MSSoap
[01/26/2008|04:52] C:\Program Files\Common Files\<DIR> Novell Shared
[01/23/2007|05:28] C:\Program Files\Common Files\<DIR> ODBC
[07/03/2007|04:51] C:\Program Files\Common Files\<DIR> PokerStars.com
[01/23/2007|12:34] C:\Program Files\Common Files\<DIR> Services
[01/23/2007|05:28] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/30/2007|12:14] C:\Program Files\Common Files\<DIR> Symantec Shared
[01/30/2007|02:59] C:\Program Files\Common Files\<DIR> System
[07/27/2009|09:09] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 18 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\EDRIE~1.KEL\Cookies\iciuser@advertising[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 13:45:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\01 Jimmy Raven.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\02 Ahhh Good Country.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\03 Iko Ovo.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\04 Pumpkin Gets a Snakebite.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\05 Pumpkin's Hallucination.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\06 Pumpkin's Funeral.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\07 Jungle Heart.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\08 Hey Friend.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\09 De Soto De Son.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\10 Oh Sweet.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\11 Young Prayer #2.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\12 Do The Nurse.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\13 Ice Cream Factory.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\14 Hey Light.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\15 Two Sails.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\16 Don't Believe the Pilot.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\17 Who Could Win a Rabbit.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\18 Mouth Wooed Her.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\19 Covered In Frogs.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Animal Collective - Animal Crack Box [2009]\20 We Tigers.mp3
C:\DOCUME~1\EDRIE~1.KEL\Desktop\Music\Pixies\Doolittle\09 Crackity Jones.mp3


[F:8][D:3]-> C:\DOCUME~1\EDRIE~1.KEL\LOCALS~1\Temp
[F:16][D:0]-> C:\DOCUME~1\EDRIE~1.KEL\Cookies
[F:74][D:4]-> C:\DOCUME~1\EDRIE~1.KEL\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 08/03/2009|13:48 - Option : [1]

--------------------\\ Scan completed at 13:48:16
Malwarebytes' Anti-Malware 1.39
Database version: 2547
Windows 5.1.2600 Service Pack 2

8/3/2009 3:25:19 PM
mbam-log-2009-08-03 (15-25-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 152581
Time elapsed: 1 hour(s), 11 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\19421874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\19421874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\19421874\19421874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\19421874\19421874.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.

#12 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello TacticalMonkey,

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post and tell me how your machine is now.

#13 TacticalMonkey (Topic Starter, Member, 21 posts)
Ok, scan is complete and the report is below. Two infections identified.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, August 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, August 04, 2009 21:07:29
Records in database: 2580417
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
R:\

Scan statistics:
Files scanned: 68641
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:30:05


File name / Threat name / Threats count
C:\MPC\system_monitor\agent\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\WINDOWS\Downloaded Installations\{6EF8EE9B-0D03-4698-B1DA-4E884E45EB19}\MPC Notebook System Manager 3.11.msi Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

The selected area was scanned.
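The two reports in this thread (the Malwarebytes log above and the Kaspersky report just posted) are what a helper reads by hand: which items MBAM actually removed, whether its summary counts match the items listed, and whether Kaspersky's hits are real malware or riskware. The parser below is an added example written for this page; it is not a tool from the thread, from Malwarebytes or from Kaspersky. It assumes the line layouts shown in the two posted reports (the sample lines are copied from them), that Kaspersky's `not-a-virus:` prefix and MBAM's `PUP.`/`PUM.` prefixes denote riskware rather than malware proper, and that a Run value whose name matches a folder name in the same log is the launcher for the files in that folder. The function names (`parse_mbam`, `parse_kaspersky`, `link_autoruns`, `triage`) are this example's own.

```python
"""Triage parser for the MBAM and Kaspersky Online Scanner reports posted above.
Added example: not a tool from this thread, from Malwarebytes or from Kaspersky.
The sample lines below are copied from the two posted reports."""
import re
from collections import Counter
from dataclasses import dataclass, field

MBAM_LOG = r"""
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\19421874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\19421874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\19421874\19421874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\19421874\19421874.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
"""
KAV_LOG = r"""
File name / Threat name / Threats count
C:\MPC\system_monitor\agent\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
C:\WINDOWS\Downloaded Installations\{6EF8EE9B-0D03-4698-B1DA-4E884E45EB19}\MPC Notebook System Manager 3.11.msi Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1
"""

@dataclass
class Finding:
    scanner: str
    category: str    # MBAM section name, or "File" for Kaspersky
    location: str    # file/folder path or registry value
    threat: str
    severity: str    # "malware" or "riskware"
    notes: list = field(default_factory=list)

# "Files Infected: 2" is a summary line; a bare "Files Infected:" opens an item section.
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):(?: (?P<n>\d+))?$")
MBAM_ITEM_RE = re.compile(r"^(?P<loc>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
KAV_ITEM_RE = re.compile(r"^(?P<loc>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
AUTORUN_RE = re.compile(r"\\CurrentVersion\\Run(Once|Services)?\\(?P<name>[^\\]+)$", re.I)

def severity_of(threat):
    # Kaspersky's "not-a-virus:" and MBAM's "PUP."/"PUM." prefixes mark legitimate but
    # abusable software (remote admin tools, adware, dialers), not malware proper.
    return "riskware" if threat.lower().startswith(("not-a-virus:", "pup.", "pum.")) else "malware"

def parse_mbam(text):
    """Return (findings, summary); summary maps each section to the total MBAM printed."""
    findings, summary, section = [], {}, None
    for line in (l.strip() for l in text.splitlines()):
        h = HEADER_RE.match(line)
        if not line:
            section = None                      # a blank line closes a section
        elif h and h["n"] is not None:
            summary[h["cat"]] = int(h["n"])
        elif h:
            section = h["cat"]
        elif section:                           # "(No malicious items detected)" never matches
            m = MBAM_ITEM_RE.match(line)
            if m:
                findings.append(Finding("MBAM", section, m["loc"], m["threat"],
                                        severity_of(m["threat"]), [m["action"]]))
    return findings, summary

def parse_kaspersky(text):
    matches = (KAV_ITEM_RE.match(l.strip()) for l in text.splitlines())
    return [Finding("Kaspersky", "File", m["loc"], m["threat"], severity_of(m["threat"]),
                    [m["count"] + " hit(s)"]) for m in matches if m]

def count_mismatches(findings, summary):
    """Sections whose printed total differs from the items listed (a truncated paste)."""
    seen = Counter(f.category for f in findings)
    return {c: (n, seen[c]) for c, n in summary.items() if n != seen[c]}

def link_autoruns(findings):
    """Tie folders/files to the Run value that starts them (Run value X -> folder X)."""
    names = {m["name"].lower() for m in map(AUTORUN_RE.search, (f.location for f in findings)) if m}
    linked = 0
    for f in findings:
        if AUTORUN_RE.search(f.location):
            f.notes.append("autorun persistence")
            continue
        for n in names & set(f.location.lower().split("\\")):
            f.notes.append("launched by Run value " + n)
            linked += 1
    return linked

def triage(mbam_text, kav_text):
    mbam, summary = parse_mbam(mbam_text)
    link_autoruns(mbam)
    findings = mbam + parse_kaspersky(kav_text)
    return {"findings": findings, "count_mismatches": count_mismatches(mbam, summary),
            "malware": sum(f.severity == "malware" for f in findings),
            "riskware": sum(f.severity == "riskware" for f in findings)}
```

Calling `triage(MBAM_LOG, KAV_LOG)` on the posted excerpts yields four MBAM malware items, all `Rogue.Multiple.H`, with the Run value `19421874` marked as autorun persistence and the folder and both files under `Application Data\19421874` linked to it, plus two Kaspersky riskware items (the WinVNC-based remote-admin component and the MPC Notebook System Manager installer it ships in). The point of separating the two severities is what the rest of the thread bears out: the rogue-AV chain was already removed by MBAM, the Kaspersky hits are riskware, and neither explains the search-result redirects, so the triage tells a helper to keep looking rather than to treat the Kaspersky report as the answer.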

#14 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
How is your machine now?

#15 TacticalMonkey (Topic Starter, Member, 21 posts)
Still redirecting me when I click on a web search result. For example, when I click on the link that should take me to imbd.com, it takes me to Shopica.com