Cannot run GMER Rootkit Scanner


  • This topic is locked

#1
jctabor42

    New Member

  • Member
  • 5 posts
Hello, I'm a newbie to this site so please forgive any shortcomings in this post. I performed the first 4 recommended steps of the Malware and Spyware Cleaning Guide with no serious problems. Several trojans and tracking cookies were removed. My computer still had the symptoms it had before, i.e. sluggish performance, random program crashes, spontaneous new tabs on the browser, and after the Windows XP starts up there's an error message: "Error loading C:\WINDOWS\omiramiyaparo.dll. The specified module could not be found." So I proceed to the GMER Rootkit scanner. I run it the first time and the computer spontaneously reboots itself. Weird. I run it again and the computer freezes up completely. I tried to run it in safe mode and the "Program is not responding" message comes up. I ran it again after uninstalling some unnecessary programs and it froze up again. I'm at a loss. The OTL did manage to run completely, thankfully. So there's my dilemma, please advise what to do next. Thank you for your time :)
  • 0


#2
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hello jctabor42 and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.

Could you please post those logs normally rather than attach them. Thanks...
  • 0

#3
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Can you post the OTL log?
  • 0

#4
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

If you are having problems posting the logs normally, try and attach them.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#5
jctabor42

    New Member

  • Topic Starter
  • Member
  • 5 posts
I hope this works

Attached Files


  • 0

#6
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

-- Step 2 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [Pwozule] C:\WINDOWS\owiramiyaparo.DLL File not found
    O4 - HKCU..\Run: [{3B7AD320-9BD0-B04F-6280-ADCD15345BCD}] C:\Documents and Settings\Owner.JohnTabor\Application Data\Ehmoh\ywic.exe ()
    O4 - HKCU..\Run: [{C4745DBE-F917-79FC-405D-E9A0B048EAD9}] C:\Documents and Settings\Owner.JohnTabor\Application Data\Oneq\huusf.exe ()
    O33 - MountPoints2\{936ff9ba-c287-11de-8bd7-001676ba530f}\Shell - "" = AutoRun
    O33 - MountPoints2\{936ff9ba-c287-11de-8bd7-001676ba530f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{936ff9ba-c287-11de-8bd7-001676ba530f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    [2010/07/04 03:40:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlepe.bin
    [2010/07/04 03:40:39 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Fjolijevula.dat
    [2010/05/06 06:41:54 | 001,678,531 | ---- | M] () -- C:\WINDOWS\System32\hjmcrato.dll
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Owner.JohnTabor\Application Data\Ehmoh
    C:\Documents and Settings\Owner.JohnTabor\Application Data\Oneq
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 3 --

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0
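As an added illustration for this thread (not OTL's code and not the helper's script), the Python below parses the O4 Run-key and O33 MountPoints2 AutoRun lines in the shape OTL prints them and flags the traits the fix script above acted on: a Run value whose target file is missing, GUID-named Run values, executables launched from the user's Application Data folder, entries with empty publisher info, and an AutoRun command tied to a removable-drive mount point. The sample input is the fix script's own O4/O33 lines plus one benign SunJavaUpdateSched entry constructed for contrast; the heuristics are this example's assumptions, not OTL's logic.

```python
"""Triage of OTL O4 (Run key) and O33 (MountPoints2 AutoRun) lines.

Added example for this thread, not OTL code and not the helper's script. The
parsers rely on OTL's line shape: an O4 line ends in "(publisher)" from the
file's version info or in "File not found"; the flags are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the O4/O33 lines from the fix script above, plus one
# benign Run entry (SunJavaUpdateSched) made up for contrast.
SAMPLE_LINES = """\
O4 - HKLM..\\Run: [Pwozule] C:\\WINDOWS\\owiramiyaparo.DLL File not found
O4 - HKCU..\\Run: [{3B7AD320-9BD0-B04F-6280-ADCD15345BCD}] C:\\Documents and Settings\\Owner.JohnTabor\\Application Data\\Ehmoh\\ywic.exe ()
O4 - HKCU..\\Run: [{C4745DBE-F917-79FC-405D-E9A0B048EAD9}] C:\\Documents and Settings\\Owner.JohnTabor\\Application Data\\Oneq\\huusf.exe ()
O4 - HKLM..\\Run: [SunJavaUpdateSched] C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe (Sun Microsystems, Inc.)
O33 - MountPoints2\\{936ff9ba-c287-11de-8bd7-001676ba530f}\\Shell\\AutoRun\\command - "" = J:\\LaunchU3.exe -- File not found
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<mp>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
TAIL_RE = re.compile(r'^(?P<path>.+?) \((?P<publisher>[^()]*)\)$')
MISSING = 'File not found'
# Per-user, user-writable locations; every Run value the helper removed pointed here.
USER_WRITABLE = ('\\application data\\', '\\local settings\\')


@dataclass
class Finding:
    kind: str                      # "O4" or "O33"
    name: str                      # Run value name, or the mount point GUID
    target: str                    # file or command the entry launches
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _split_tail(rest: str) -> Tuple[str, Optional[str], bool]:
    """Split 'path (publisher)' or 'path File not found' into (path, publisher, missing)."""
    if rest.endswith(' ' + MISSING):
        return rest[:-len(MISSING) - 1], None, True
    m = TAIL_RE.match(rest)
    if m:
        return m.group('path'), m.group('publisher'), False
    return rest, None, False


def triage_o4(line: str) -> Optional[Finding]:
    """Flag a Run-key entry on the traits the helper's fix targeted."""
    m = O4_RE.match(line)
    if not m:
        return None
    path, publisher, missing = _split_tail(m.group('rest'))
    f = Finding('O4', m.group('name'), path)
    if missing:
        f.reasons.append('orphaned autorun: target file missing')
    if GUID_RE.match(f.name):
        f.reasons.append('GUID-named Run value')
    if any(seg in path.lower() for seg in USER_WRITABLE):
        f.reasons.append('launches from a user-writable profile directory')
    if publisher is not None and not publisher.strip():
        f.reasons.append('no publisher information in version info')
    return f


def triage_o33(line: str) -> Optional[Finding]:
    """Flag an AutoRun command attached to a removable-drive mount point."""
    m = O33_RE.match(line)
    if not m:
        return None
    cmd = m.group('cmd')
    missing = cmd.endswith(' -- ' + MISSING)
    if missing:
        cmd = cmd[:-len(MISSING) - 4]      # strip the " -- File not found" marker
    f = Finding('O33', m.group('mp'), cmd)
    f.reasons.append('AutoRun command registered for a mount point')
    if missing:
        f.reasons.append('stale entry: AutoRun target no longer present')
    return f


def triage(text: str) -> List[Finding]:
    """Run both parsers over a block of OTL lines, skipping lines neither matches."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        f = triage_o4(line) or triage_o33(line)
        if f is not None:
            findings.append(f)
    return findings


def suspicious_targets(text: str) -> List[str]:
    """Targets of every flagged entry, in input order."""
    return [f.target for f in triage(text) if f.suspicious]


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print('SUSPICIOUS' if f.suspicious else 'ok        ', f.kind, f'[{f.name}]', f.target)
        for r in f.reasons:
            print('    -', r)
```

Run against the sample, the three Run values and the mount-point AutoRun are flagged and the Program Files entry with a publisher is not; the same parsers can be pointed at a full OTL log to shortlist entries for a helper to review.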

#7
jctabor42

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hello again,

I ran the GooredFix, OTL, and ComboFix. However, I didn't properly save the OTL log. I swear I thought I did, but I didn't. Stupid me. So here are the other two logs and let me know if I should run OTL again. Sorry about that.


GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:12 on 11/07/2010 (Owner)
Firefox version 3.6.6 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C12D9DEB-40D4-49D5-A834-130244FF76EC} -> Success!
Deleting C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\{C12D9DEB-40D4-49D5-A834-130244FF76EC} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{F3808F32-03DD-4740-9FF2-1AD1ED756B1A} -> Success!
Deleting C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\{F3808F32-03DD-4740-9FF2-1AD1ED756B1A} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{AFDF1168-218F-4E1A-BD0D-C3421F9EDC8F} -> Success!
Deleting C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\{AFDF1168-218F-4E1A-BD0D-C3421F9EDC8F} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C03A545C-8C01-450A-817D-6D5D88820184} -> Success!
Deleting C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\{C03A545C-8C01-450A-817D-6D5D88820184} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{09044FFC-07A7-42FF-AD04-83C5CAF960FA} -> Success!
Deleting C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\{09044FFC-07A7-42FF-AD04-83C5CAF960FA} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:34 31/01/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [20:41 01/01/2010]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [06:12 11/11/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [06:19 11/11/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [23:00 24/04/2010]

C:\Documents and Settings\Owner.JohnTabor\Application Data\Mozilla\Firefox\Profiles\t1f3gfes.default\extensions\
[email protected] [15:08 16/04/2010]
[email protected] [15:42 27/04/2010]
{20a82645-c095-46ed-80e3-08825760534b} [15:42 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:11 30/08/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:00 24/04/2010]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\" [05:04 01/07/2010]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\" [05:05 01/07/2010]

-=E.O.F=-



ComboFix 10-07-11.03 - Owner 07/11/2010 20:28:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.480 [GMT -4:00]
Running from: c:\documents and settings\Owner.JohnTabor\Desktop\FixCombo.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.JohnTabor\Application Data\Ehmoh\ywic.exe
c:\documents and settings\Owner.JohnTabor\Application Data\Emcoe
c:\documents and settings\Owner.JohnTabor\Application Data\Emcoe\doiv.exe
c:\documents and settings\Owner.JohnTabor\Application Data\Mubuaw
c:\documents and settings\Owner.JohnTabor\Application Data\Mubuaw\ygefd.exe
c:\documents and settings\Owner.JohnTabor\Application Data\Oneq\huusf.exe
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\asc.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-11 23:16 . 2010-07-11 23:16 -------- d-----w- C:\_OTL
2010-07-08 15:43 . 2010-07-08 15:43 -------- d-----w- c:\program files\ERUNT
2010-07-06 00:02 . 2010-07-06 00:03 -------- d-----w- c:\program files\trend micro
2010-07-06 00:02 . 2010-07-06 00:03 -------- d-----w- C:\rsit
2010-07-05 23:17 . 2010-07-05 23:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-05 22:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 22:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 22:47 . 2010-07-05 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 11:55 . 2010-07-05 23:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-02 04:15 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-02 04:15 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-07-02 04:15 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-02 04:15 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-07-02 04:15 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-07-02 04:15 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-06-29 04:36 . 2010-07-01 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-29 04:33 . 2010-07-01 05:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 03:20 . 2010-06-28 03:20 -------- d-----w- c:\windows\system32\Registry Patrol
2010-06-28 03:20 . 2010-07-01 05:19 -------- d-----w- c:\program files\Registry Patrol
2010-06-28 01:24 . 2010-06-28 01:24 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\SurfSecret Privacy Suite
2010-06-28 01:24 . 2010-06-28 01:24 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\Panda Security
2010-06-28 01:20 . 2010-06-28 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-06-27 23:00 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-27 23:00 . 2010-06-28 02:57 -------- d-----w- c:\program files\Panda Security
2010-06-25 04:26 . 2010-06-25 04:26 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Local Settings\Application Data\nfeptnmkt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 23:02 . 2009-05-21 13:06 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\Aqgua
2010-07-11 21:23 . 2009-07-30 18:51 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\Irco
2010-07-09 04:32 . 2009-04-26 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-09 04:32 . 2009-04-26 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-07-08 14:55 . 2009-10-19 11:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-02 04:02 . 2009-11-11 06:14 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\LimeWire
2010-07-01 18:01 . 2010-01-28 02:19 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\ArcSoft
2010-07-01 16:43 . 2010-04-26 19:52 -------- d-----w- c:\program files\Common Files\Motive
2010-07-01 05:20 . 2009-01-31 01:32 -------- d-----w- c:\program files\Gateway Games
2010-07-01 05:20 . 2009-01-31 01:40 -------- d-----w- c:\program files\Real
2010-07-01 05:05 . 2010-06-29 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 05:02 . 2010-06-29 04:36 -------- d-----w- c:\program files\Symantec
2010-07-01 05:02 . 2010-07-01 05:02 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-01 05:02 . 2010-07-01 05:02 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-01 05:02 . 2010-07-01 05:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-01 05:02 . 2010-07-01 05:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-01 04:59 . 2010-07-01 04:59 -------- d-----w- c:\program files\Norton Internet Security
2010-07-01 04:46 . 2010-07-01 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-07-01 04:46 . 2010-07-01 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-01 04:30 . 2010-07-01 04:30 -------- d-----w- c:\program files\Windows Sidebar
2010-07-01 04:29 . 2010-07-01 04:29 -------- d-----w- c:\program files\NortonInstaller
2010-07-01 04:04 . 2009-01-31 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-04 18:37 . 2009-10-22 18:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 00:35 . 2010-02-14 18:31 1430 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\wklnhst.dat
2010-05-27 16:45 . 2010-05-27 16:45 503808 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-341349d7-n\msvcp71.dll
2010-05-27 16:45 . 2010-05-27 16:45 499712 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-341349d7-n\jmc.dll
2010-05-27 16:45 . 2010-05-27 16:45 348160 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-341349d7-n\msvcr71.dll
2010-05-27 16:45 . 2010-05-27 16:45 61440 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-485046e6-n\decora-sse.dll
2010-05-27 16:45 . 2010-05-27 16:45 12800 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-485046e6-n\decora-d3d.dll
2010-05-21 18:14 . 2009-11-13 20:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 15:50 . 2010-01-21 00:54 256 ----a-w- c:\windows\system32\pool.bin
2010-05-06 10:41 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-06-17 09:23 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 23:00 . 2010-04-24 23:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 18:18 . 2010-04-24 18:18 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-20 05:30 . 2009-01-31 00:11 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 16120832]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/27/2010 7:00 PM 28552]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [7/2/2010 12:15 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [7/2/2010 12:15 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/19/2010 12:46 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [7/2/2010 12:15 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [7/2/2010 12:15 AM 116784]
R2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [2/1/2009 3:01 PM 38176]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [7/2/2010 12:14 AM 126392]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/1/2010 1:04 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100709.001\IDSXpx86.sys [7/11/2010 4:43 PM 331640]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-07-03 c:\windows\Tasks\Norton Internet Security - Owner - Full System Scan.job
- c:\program files\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-07-02 05:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Owner.JohnTabor\Application Data\Mozilla\Firefox\Profiles\t1f3gfes.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner.JohnTabor\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{3B7AD320-9BD0-B04F-6280-ADCD15345BCD} - c:\documents and settings\Owner.JohnTabor\Application Data\Ehmoh\ywic.exe
HKCU-Run-{C4745DBE-F917-79FC-405D-E9A0B048EAD9} - c:\documents and settings\Owner.JohnTabor\Application Data\Oneq\huusf.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 20:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-07-11 20:45:23
ComboFix-quarantined-files.txt 2010-07-12 00:45

Pre-Run: 106,781,368,320 bytes free
Post-Run: 106,753,867,776 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - C99EC3D7414EF671C8DA4E028715E2C4
  • 0

#8
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

You should find the OTL log in the folder C:\_OTL\MovedFiles

Please follow these steps and give me an update on how your computer's running.

-- Step 1 --

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::
c:\documents and settings\Owner.JohnTabor\Application Data\Oneq
c:\documents and settings\Owner.JohnTabor\Local Settings\Application Data\nfeptnmkt
c:\documents and settings\Owner.JohnTabor\Application Data\Aqgua
c:\documents and settings\Owner.JohnTabor\Application Data\Irco

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
jctabor42

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi,

My computer seems to be running better. The previous problems are gone. I'll know for sure in the next few days. Here are the logs you asked for:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Pwozule deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{3B7AD320-9BD0-B04F-6280-ADCD15345BCD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7AD320-9BD0-B04F-6280-ADCD15345BCD}\ not found.
C:\Documents and Settings\Owner.JohnTabor\Application Data\Ehmoh\ywic.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{C4745DBE-F917-79FC-405D-E9A0B048EAD9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4745DBE-F917-79FC-405D-E9A0B048EAD9}\ not found.
C:\Documents and Settings\Owner.JohnTabor\Application Data\Oneq\huusf.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936ff9ba-c287-11de-8bd7-001676ba530f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{936ff9ba-c287-11de-8bd7-001676ba530f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936ff9ba-c287-11de-8bd7-001676ba530f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{936ff9ba-c287-11de-8bd7-001676ba530f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936ff9ba-c287-11de-8bd7-001676ba530f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{936ff9ba-c287-11de-8bd7-001676ba530f}\ not found.
File J:\LaunchU3.exe not found.
C:\WINDOWS\Vlepe.bin moved successfully.
C:\WINDOWS\Fjolijevula.dat moved successfully.
C:\WINDOWS\system32\hjmcrato.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Owner.JohnTabor\Application Data\Ehmoh folder moved successfully.
C:\Documents and Settings\Owner.JohnTabor\Application Data\Oneq folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 13689508 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33632735 bytes
->Flash cache emptied: 8022 bytes

User: NetworkService
->Temp folder emptied: 383518 bytes
->Temporary Internet Files folder emptied: 115759202 bytes
->Java cache emptied: 26 bytes
->Flash cache emptied: 22538 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner.JohnTabor
->Temp folder emptied: 179651354 bytes
->Temporary Internet Files folder emptied: 2236499 bytes
->Java cache emptied: 37923580 bytes
->FireFox cache emptied: 36433243 bytes
->Flash cache emptied: 12451 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 317 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51030642 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 580768 bytes

Total Files Cleaned = 450.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: Owner.JohnTabor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07112010_191618

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S3N9MQ3T\857[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M1SMA77E\Attorneys[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M1SMA77E\grab[1].cur moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M1SMA77E\iepngfix[1].htc moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3D26DELX\if[1].htm moved successfully.
C:\WINDOWS\temp\fla26.tmp moved successfully.
C:\WINDOWS\temp\fla27.tmp moved successfully.
C:\WINDOWS\temp\fla28.tmp moved successfully.
C:\WINDOWS\temp\fla29.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_ad8.dat moved successfully.
File\Folder C:\WINDOWS\temp\TMP0000000A90CF6347CF109640 not found!

Registry entries deleted on Reboot...




ComboFix 10-07-11.03 - Owner 07/13/2010 0:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.339 [GMT -4:00]
Running from: c:\documents and settings\Owner.JohnTabor\Desktop\FixCombo.exe
Command switches used :: c:\documents and settings\Owner.JohnTabor\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.JohnTabor\Application Data\Aqgua
c:\documents and settings\Owner.JohnTabor\Application Data\Aqgua\emuln.isa
c:\documents and settings\Owner.JohnTabor\Application Data\Irco
c:\documents and settings\Owner.JohnTabor\Local Settings\Application Data\nfeptnmkt

.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-07-12 02:00 . 2010-07-12 02:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-11 23:16 . 2010-07-11 23:16 -------- d-----w- C:\_OTL
2010-07-08 15:43 . 2010-07-08 15:43 -------- d-----w- c:\program files\ERUNT
2010-07-06 00:02 . 2010-07-06 00:03 -------- d-----w- c:\program files\trend micro
2010-07-06 00:02 . 2010-07-06 00:03 -------- d-----w- C:\rsit
2010-07-05 23:17 . 2010-07-05 23:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-05 22:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 22:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 22:47 . 2010-07-05 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 11:55 . 2010-07-05 23:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-02 04:15 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-02 04:15 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-07-02 04:15 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-02 04:15 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-07-02 04:15 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-07-02 04:15 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-06-29 04:36 . 2010-07-01 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-29 04:33 . 2010-07-01 05:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 03:20 . 2010-06-28 03:20 -------- d-----w- c:\windows\system32\Registry Patrol
2010-06-28 03:20 . 2010-07-01 05:19 -------- d-----w- c:\program files\Registry Patrol
2010-06-28 01:24 . 2010-06-28 01:24 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\SurfSecret Privacy Suite
2010-06-28 01:24 . 2010-06-28 01:24 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\Panda Security
2010-06-28 01:20 . 2010-06-28 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-06-27 23:00 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-27 23:00 . 2010-06-28 02:57 -------- d-----w- c:\program files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 04:32 . 2009-04-26 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-09 04:32 . 2009-04-26 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-07-08 14:55 . 2009-10-19 11:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-02 04:02 . 2009-11-11 06:14 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\LimeWire
2010-07-01 18:01 . 2010-01-28 02:19 -------- d-----w- c:\documents and settings\Owner.JohnTabor\Application Data\ArcSoft
2010-07-01 16:43 . 2010-04-26 19:52 -------- d-----w- c:\program files\Common Files\Motive
2010-07-01 05:20 . 2009-01-31 01:32 -------- d-----w- c:\program files\Gateway Games
2010-07-01 05:20 . 2009-01-31 01:40 -------- d-----w- c:\program files\Real
2010-07-01 05:05 . 2010-06-29 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 05:02 . 2010-06-29 04:36 -------- d-----w- c:\program files\Symantec
2010-07-01 05:02 . 2010-07-01 05:02 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-01 05:02 . 2010-07-01 05:02 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-01 05:02 . 2010-07-01 05:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-01 05:02 . 2010-07-01 05:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-01 04:59 . 2010-07-01 04:59 -------- d-----w- c:\program files\Norton Internet Security
2010-07-01 04:46 . 2010-07-01 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-07-01 04:46 . 2010-07-01 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-01 04:30 . 2010-07-01 04:30 -------- d-----w- c:\program files\Windows Sidebar
2010-07-01 04:29 . 2010-07-01 04:29 -------- d-----w- c:\program files\NortonInstaller
2010-07-01 04:04 . 2009-01-31 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-04 18:37 . 2009-10-22 18:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 00:35 . 2010-02-14 18:31 1430 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\wklnhst.dat
2010-05-27 16:45 . 2010-05-27 16:45 503808 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-341349d7-n\msvcp71.dll
2010-05-27 16:45 . 2010-05-27 16:45 499712 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-341349d7-n\jmc.dll
2010-05-27 16:45 . 2010-05-27 16:45 348160 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-341349d7-n\msvcr71.dll
2010-05-27 16:45 . 2010-05-27 16:45 61440 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-485046e6-n\decora-sse.dll
2010-05-27 16:45 . 2010-05-27 16:45 12800 ----a-w- c:\documents and settings\Owner.JohnTabor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-485046e6-n\decora-d3d.dll
2010-05-21 18:14 . 2009-11-13 20:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 15:50 . 2010-01-21 00:54 256 ----a-w- c:\windows\system32\pool.bin
2010-05-06 10:41 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-06-17 09:23 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 23:00 . 2010-04-24 23:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 18:18 . 2010-04-24 18:18 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-20 05:30 . 2009-01-31 00:11 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( [email protected]_00.40.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-13 04:15 . 2010-07-13 04:15 16384 c:\windows\Temp\Perflib_Perfdata_8bc.dat
+ 2010-07-13 04:13 . 2010-07-13 04:13 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
+ 2010-07-12 02:00 . 2010-07-12 02:00 470528 c:\windows\Installer\577db9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 16120832]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/27/2010 7:00 PM 28552]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [7/2/2010 12:15 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [7/2/2010 12:15 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/13/2010 12:25 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [7/2/2010 12:15 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [7/2/2010 12:15 AM 116784]
R2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [2/1/2009 3:01 PM 38176]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [7/2/2010 12:14 AM 126392]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/1/2010 1:04 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100712.001\IDSXpx86.sys [7/13/2010 12:25 AM 331640]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-07-03 c:\windows\Tasks\Norton Internet Security - Owner - Full System Scan.job
- c:\program files\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-07-02 05:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Owner.JohnTabor\Application Data\Mozilla\Firefox\Profiles\t1f3gfes.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner.JohnTabor\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 00:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-07-13 01:02:49
ComboFix-quarantined-files.txt 2010-07-13 05:02
ComboFix2.txt 2010-07-12 00:45

Pre-Run: 106,605,363,200 bytes free
Post-Run: 106,590,752,768 bytes free

- - End Of File - - 91D1F1BD50F41D712D831570538CF827





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4292

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/13/2010 1:18:11 AM
mbam-log-2010-07-13 (01-18-11).txt

Scan type: Quick scan
Objects scanned: 141491
Time elapsed: 12 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 hammerman (Member 4k, 4,183 posts)
Hi,

Glad things are improving.
We do not recommend the use of registry cleaners. The benefits are minimal and not worth the problems they can cause. I recommend you remove Registry Patrol.

Please follow these steps.

-- Step 1 --

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

-- Step 2 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan spyware, adware, diallers and other riskware
    Scan Archives
    Scan E-mail databases
  • Click Save
  • Now under Scan select My Computer
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.
-- Step 3 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
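
When reading the report that Step 2 produces, the path of each finding matters as much as the threat name: hits inside C:\Qoobox\Quarantine, C:\_OTL\MovedFiles or a System Restore point are files the earlier tools already contained, while a hit anywhere else is still live. The triage script below is an added example, not part of this thread or of any of the tools named in it; the embedded report is a constructed sample modeled on the Kaspersky Online Scanner 7 "File name / Threat / Threats count" format, and the prefix list and helper names are the example's own assumptions.

```python
"""Triage a Kaspersky Online Scanner 7 report: separate findings that are already
contained (quarantine folders, System Restore snapshots) from those still in place.
Added example; not code from the thread or from any of the tools it mentions."""
import re
from dataclasses import dataclass

# Locations a cleanup thread like this one deliberately leaves malware in.
# Anything under these prefixes is already out of the execution path.
# Assumed list for this example; compared case-insensitively.
CONTAINED_PREFIXES = (
    "c:\\qoobox\\quarantine\\",                  # ComboFix quarantine
    "c:\\_otl\\movedfiles\\",                    # OTL MovedFiles
    "c:\\system volume information\\_restore",   # System Restore points
)

# One report line: <path> Infected|Suspicious: <threat> <count>
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    status: str   # "Infected" or "Suspicious"
    threat: str
    count: int

    @property
    def contained(self) -> bool:
        """True when the file sits in a quarantine or restore-point location."""
        p = self.path.lower()
        return any(p.startswith(prefix) for prefix in CONTAINED_PREFIXES)


def parse_report(text: str) -> list[Finding]:
    """Extract finding lines; header, statistics and footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["path"], m["status"], m["threat"], int(m["count"])))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Split findings into already-contained and still-active buckets."""
    result: dict[str, list[Finding]] = {"contained": [], "active": []}
    for f in findings:
        result["contained" if f.contained else "active"].append(f)
    return result


def threat_totals(findings: list[Finding]) -> dict[str, int]:
    """Sum the per-line counts by threat name (matches 'Infected objects found')."""
    totals: dict[str, int] = {}
    for f in findings:
        totals[f.threat] = totals.get(f.threat, 0) + f.count
    return totals


# Constructed sample report in the scanner's layout; the GUID and the
# 'example-active.sys' path are placeholders, not values from the thread.
SAMPLE_REPORT = r"""KASPERSKY ONLINE SCANNER 7.0: scan report
Scan statistics:
Threats found: 2
Infected objects found: 4

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mubuaw\ygefd.exe.vir Infected: Packed.Win32.Krap.hm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\asc.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\WINDOWS\system32\Drivers\example-active.sys Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    buckets = triage(found)
    for f in buckets["active"]:
        print(f"STILL PRESENT: {f.path} ({f.threat})")
    print(f"{len(buckets['contained'])} contained, {len(buckets['active'])} active;",
          threat_totals(found))
```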

#11 jctabor42 (New Member, Topic Starter, 5 posts)
Hello again. Sorry about the wait.



KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 19, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 18, 2010 19:45:43
Records in database: 4230528
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 145276
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 08:05:24


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Owner.JohnTabor\Application Data\Mubuaw\ygefd.exe.vir Infected: Packed.Win32.Krap.hm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\asc.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP370\A0027570.exe Infected: Packed.Win32.Krap.gx 1
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP381\A0034914.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP381\A0034999.exe Infected: Packed.Win32.Krap.hm 1
C:\_OTL\MovedFiles\07112010_191618\C_Documents and Settings\Owner.JohnTabor\Application Data\Ehmoh\ywic.exe Infected: Packed.Win32.Krap.hm 1
C:\_OTL\MovedFiles\07112010_191618\C_Documents and Settings\Owner.JohnTabor\Application Data\Oneq\huusf.exe Infected: Packed.Win32.Krap.hm 1

Selected area has been scanned.



OTL logfile created on: 7/19/2010 10:17:40 AM - Run 2
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Owner.JohnTabor\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 99.76 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 2.24 Gb Free Space | 42.47% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNTABOR
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.JohnTabor\Local Settings\temp\jkos-Owner\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Documents and Settings\Owner.JohnTabor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
PRC - C:\WINDOWS\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner.JohnTabor\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (catchme) -- C:\DOCUME~1\OWNER~1.JOH\LOCALS~1\Temp\catchme.sys File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100718.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100718.003\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100716.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (HPFECP06) -- C:\WINDOWS\System32\drivers\HPFECP06.SYS ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (iaStor) -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (QCDonner) -- C:\WINDOWS\system32\drivers\OVCD.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E D8 7F 3E A0 19 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..keyword.URL: "http://ca.search.yah...anda1_0yatb&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/07/03 00:01:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/07/01 01:05:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/09 01:48:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 23:11:27 | 000,000,000 | ---D | M]

[2009/11/11 02:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Mozilla\Extensions
[2009/11/11 02:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Mozilla\Extensions\[email protected]
[2010/07/18 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Mozilla\Firefox\Profiles\t1f3gfes.default\extensions
[2010/04/27 11:42:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Mozilla\Firefox\Profiles\t1f3gfes.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Mozilla\Firefox\Profiles\t1f3gfes.default\extensions\[email protected]
[2010/04/27 11:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Mozilla\Firefox\Profiles\t1f3gfes.default\extensions\[email protected]
[2010/07/19 01:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 19:00:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/24 19:00:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/03 14:45:48 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: ([2010/07/13 00:55:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/13 22:48:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/11 22:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/07/11 20:16:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/11 20:11:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/11 19:16:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/08 12:42:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.JohnTabor\Desktop\OTL.exe
[2010/07/08 11:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/06 14:01:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.JohnTabor\Desktop\TFC.exe
[2010/07/05 20:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/07/05 20:02:26 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/05 19:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/05 18:47:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 18:47:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 18:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/03 13:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/03 07:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/03 07:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/02 00:15:14 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2010/07/02 00:15:14 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
[2010/07/02 00:15:14 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/07/02 00:15:13 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symds.sys
[2010/07/02 00:15:13 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.sys
[2010/07/02 00:15:13 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/07/02 00:15:13 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symefa.sys
[2010/07/02 00:15:13 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/07/02 00:15:13 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/07/02 00:15:13 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/07/02 00:15:12 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.sys
[2010/07/02 00:15:12 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\cchpx86.sys
[2010/07/02 00:15:12 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/07/02 00:15:12 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\ironx86.sys
[2010/07/02 00:12:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1107000.00C
[2010/07/01 01:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JohnTabor\My Documents\Symantec
[2010/07/01 01:02:35 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/01 01:02:35 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/01 00:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/07/01 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/07/01 00:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/07/01 00:30:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/07/01 00:30:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0400000.07F
[2010/07/01 00:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/07/01 00:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/30 23:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/06/29 10:53:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/06/29 02:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/06/29 02:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/06/29 00:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/29 00:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/06/29 00:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/27 23:20:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Registry Patrol
[2010/06/27 23:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Patrol
[2010/06/27 21:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\SurfSecret Privacy Suite
[2010/06/27 21:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Panda Security
[2010/06/27 21:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/06/27 19:00:54 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/06/27 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/06/27 14:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/27 14:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/25 00:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/25 00:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/26 16:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\SupportSoft
[2010/04/26 15:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Motive
[2010/04/26 15:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/04/26 15:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/04/26 15:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2010/04/24 14:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/24 14:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/24 14:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 14:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/24 14:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/01/01 17:12:39 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/01/01 17:12:34 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 90 Days ==========

[2010/07/18 11:15:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/18 11:14:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/18 11:14:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/18 11:14:35 | 937,066,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/14 23:59:10 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Owner.JohnTabor\NTUSER.DAT
[2010/07/14 23:59:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner.JohnTabor\ntuser.ini
[2010/07/14 00:20:21 | 004,844,688 | -H-- | M] () -- C:\Documents and Settings\Owner.JohnTabor\Local Settings\Application Data\IconCache.db
[2010/07/13 23:08:52 | 000,628,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/07/13 01:37:16 | 000,064,578 | ---- | M] () -- C:\Documents and Settings\Owner.JohnTabor\My Documents\cv101.jpg
[2010/07/13 00:57:48 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/13 00:55:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/11 20:17:06 | 000,000,268 | RHS- | M] () -- C:\boot.ini
[2010/07/11 20:03:11 | 003,736,761 | R--- | M] () -- C:\Documents and Settings\Owner.JohnTabor\Desktop\FixCombo.exe
[2010/07/08 12:42:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.JohnTabor\Desktop\OTL.exe
[2010/07/08 10:55:23 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/06 14:00:52 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.JohnTabor\Desktop\TFC.exe
[2010/07/05 18:47:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/03 14:39:05 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/03 14:39:05 | 000,000,197 | ---- | M] () -- C:\Boot.bak
[2010/07/02 23:49:39 | 000,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Owner - Full System Scan.job
[2010/07/02 23:49:30 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/07/01 12:33:55 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2010/07/01 01:18:08 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/01 01:02:35 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/01 01:02:35 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/01 01:02:35 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/01 01:02:34 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/01 00:59:05 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Owner.JohnTabor\My Documents\Norton Installation Files.lnk
[2010/07/01 00:32:09 | 000,627,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Cat.DB
[2010/06/29 11:19:29 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/29 01:59:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WinInit.ini
[2010/06/27 21:28:41 | 000,000,264 | ---- | M] () -- C:\WINDOWS\pimdbey.dll.nanflmrkxtns
[2010/06/23 03:42:36 | 000,501,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:42:36 | 000,441,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:42:36 | 000,071,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 01:33:58 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 20:35:54 | 000,001,430 | ---- | M] () -- C:\Documents and Settings\Owner.JohnTabor\Application Data\wklnhst.dat
[2010/05/18 11:50:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/14 02:32:01 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
[2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/05/06 00:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/05/06 00:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/05/02 01:47:21 | 000,641,024 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\ironx86.sys
[2010/04/29 01:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
[2010/04/29 01:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 04:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/04/25 17:43:19 | 001,208,320 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/04/24 21:30:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/24 07:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/04/21 23:02:36 | 000,007,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/04/21 23:02:36 | 000,007,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symefa.sys
[2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys
[2010/04/21 23:01:56 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
[2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys
[2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys
[2010/04/21 22:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/04/21 22:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/04/21 22:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/04/21 22:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf

========== Files Created - No Company Name ==========

[2010/07/13 01:37:16 | 000,064,578 | ---- | C] () -- C:\Documents and Settings\Owner.JohnTabor\My Documents\cv101.jpg
[2010/07/11 20:17:06 | 000,000,197 | ---- | C] () -- C:\Boot.bak
[2010/07/11 20:16:59 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/11 20:13:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/11 20:03:30 | 003,736,761 | R--- | C] () -- C:\Documents and Settings\Owner.JohnTabor\Desktop\FixCombo.exe
[2010/07/08 23:59:14 | 937,066,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/05 18:47:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/03 14:39:04 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/07/02 23:46:43 | 000,628,226 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/07/02 00:15:14 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat
[2010/07/02 00:15:14 | 000,007,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat
[2010/07/02 00:15:14 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/07/02 00:15:14 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/07/02 00:15:13 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat
[2010/07/02 00:15:13 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat
[2010/07/02 00:15:13 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat
[2010/07/02 00:15:13 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf
[2010/07/02 00:15:13 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.inf
[2010/07/02 00:15:13 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf
[2010/07/02 00:15:12 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat
[2010/07/02 00:15:12 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
[2010/07/02 00:15:12 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.cat
[2010/07/02 00:15:12 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\cchpx86.inf
[2010/07/02 00:15:12 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf
[2010/07/02 00:15:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
[2010/07/02 00:12:44 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/07/01 12:33:55 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2010/07/01 01:23:28 | 000,000,538 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - Owner - Full System Scan.job
[2010/07/01 01:13:38 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Owner.JohnTabor\My Documents\Norton Installation Files.lnk
[2010/07/01 01:02:35 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/01 01:02:35 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/01 01:01:03 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/07/01 00:31:42 | 000,627,338 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Cat.DB
[2010/06/29 01:59:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2010/06/27 21:28:40 | 000,000,264 | ---- | C] () -- C:\WINDOWS\pimdbey.dll.nanflmrkxtns
[2010/04/24 14:37:23 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/01 17:12:39 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/01/01 17:12:39 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/01/01 17:12:38 | 009,611,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/02/01 15:02:04 | 000,000,130 | ---- | C] () -- C:\WINDOWS\HPFTBX06.INI
[2009/02/01 15:01:54 | 000,134,112 | ---- | C] () -- C:\WINDOWS\System32\hpfmlc06.dll
[2009/02/01 15:01:51 | 000,067,380 | ---- | C] () -- C:\WINDOWS\System32\hpfpml06.dll
[2009/02/01 15:01:49 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\hpf24r06.dll
[2009/02/01 15:01:47 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpfecp06.sys
[2009/02/01 15:01:47 | 000,027,164 | ---- | C] () -- C:\WINDOWS\System32\hpfiop06.dll
[2009/02/01 15:01:46 | 000,056,060 | ---- | C] () -- C:\WINDOWS\System32\hpfmem06.dll
[2009/02/01 15:01:44 | 000,068,700 | ---- | C] () -- C:\WINDOWS\System32\hpfcom06.dll
[2009/02/01 15:01:44 | 000,044,856 | ---- | C] () -- C:\WINDOWS\System32\hpflpm06.dll
[2009/02/01 15:01:43 | 001,184,768 | ---- | C] () -- C:\WINDOWS\System32\hpftrl06.dll
[2009/02/01 15:01:43 | 000,195,584 | ---- | C] () -- C:\WINDOWS\System32\hpfscp06.dll
[2009/02/01 15:01:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\hpfrsu06.dll
[2009/02/01 15:01:39 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\hpfdat06.dll
[2009/02/01 15:01:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\hpfhrl06.dll
[2009/02/01 15:01:37 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\hpfmrl06.dll
[2009/02/01 15:01:35 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hpfwin06.dll
[2009/02/01 15:01:34 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\hpfmon06.dll
[2009/02/01 15:01:33 | 000,711,168 | ---- | C] () -- C:\WINDOWS\System32\hpfimg06.dll
[2009/02/01 15:01:32 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\hpfcnt06.dll
[2009/02/01 15:01:31 | 000,276,480 | ---- | C] () -- C:\WINDOWS\System32\hpfcps06.dll
[2009/02/01 15:01:29 | 000,002,850 | ---- | C] () -- C:\WINDOWS\System32\hpflnk06.ini
[2009/02/01 15:01:26 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\hpfrsa06.dll
[2009/01/30 23:16:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/30 21:36:30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/01/30 21:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 05:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 05:24:58 | 000,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 05:24:57 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/30 00:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/06/27 21:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/07/01 00:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/02/03 14:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/01/20 21:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/09 00:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/10/26 20:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/01/30 21:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/30 21:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/24 14:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 11:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 11:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/02 00:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\LimeWire
[2009/08/14 10:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Meboru
[2010/06/27 21:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Panda Security
[2010/01/20 20:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Research In Motion
[2009/01/30 21:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\SampleView
[2010/01/27 22:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Skinux
[2010/06/27 21:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\SurfSecret Privacy Suite
[2010/02/14 14:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Template
[2009/08/24 20:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JohnTabor\Application Data\Uhkae

========== Purity Check ==========


< End of report >

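The OTL report above lists each file as `[timestamp | size | attributes | C/M] (company) -- path`, and the LOP Check section lists directories in the same shape without the company field. As an added example (not part of the original thread, and not code from the OTL tool or its author), the Python below parses lines in that format and applies a few defender-side triage heuristics: a random-looking name (long consonant run), an extra trailing extension that is not a known file type, and executable code under C:\WINDOWS with no company name. The sample lines are constructed here in the report's format; the heuristics and the threshold of five consonants are my own assumptions, and a flag is a prompt to look a file up, not a verdict (legitimate cleanup tools also drop unsigned files into C:\WINDOWS).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input in the format of the OTL report (not a real scan).
SAMPLE_LOG = r"""
[2010/07/11 20:13:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/27 21:28:40 | 000,000,264 | ---- | C] () -- C:\WINDOWS\xqzvbt.dll.rkplwmnst
[2009/01/30 21:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/14 10:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Qzkrvt
"""

# One OTL line: [date time | size | attrs | C|M] (optional company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Extensions we treat as ordinary; anything else after a second dot is suspicious.
KNOWN_EXT = {"exe", "dll", "sys", "ini", "inf", "cat", "lnk", "job", "db", "bak", "jpg"}
CODE_EXT = {"exe", "dll", "sys"}
SYSTEM_PREFIX = "c:\\windows\\"
VOWELS = set("aeiou")
CONSONANT_RUN_LIMIT = 5  # assumed threshold for "random-looking"


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None when the report prints "()" or omits it
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse a single OTL file/directory line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )


def longest_consonant_run(s: str) -> int:
    """Length of the longest run of consonant letters (digits and dots break a run)."""
    run = best = 0
    for ch in s.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def triage(entry: OtlEntry) -> List[str]:
    """Return reasons an entry deserves a second look; an empty list means no heuristic fired."""
    reasons: List[str] = []
    parts = entry.name.split(".")
    stem, exts = parts[0], [p.lower() for p in parts[1:]]
    if longest_consonant_run(stem) >= CONSONANT_RUN_LIMIT:
        reasons.append("random-looking name")
    if len(exts) >= 2 and exts[-1] not in KNOWN_EXT:
        reasons.append("unexpected trailing extension")
    in_system = entry.path.lower().startswith(SYSTEM_PREFIX)
    if in_system and not entry.is_dir and exts and exts[-1] in CODE_EXT and entry.company is None:
        reasons.append("executable in Windows dir with no company name")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its list of reasons."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```

Run on the constructed sample, the signed driver and the INI file pass silently, the double-extension entry and the vowel-less directory name are flagged, and the unsigned executable under C:\WINDOWS is flagged only so that a reader looks it up; a helper who knows which tool dropped it can dismiss that one immediately.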
#12
hammerman (Member 4k, 4,183 posts)
Congratulations, your computer appears clean :)

You just have some traces of McAfee on your system that you should remove. Please use the McAfee Removal Tool to completely remove McAfee from your system.

Let's update Java and remove the tools we've been using.

Please follow these steps.

-- Step 1 --
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")
-- Step 2 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-- Step 3 --
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

#13
hammerman (Member 4k, 4,183 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.