Geeks to Go
possible Hijack- browser redirecting & s-l-o-w


#1 Captain_Irie (New Member, 2 posts)

Hello,
My browser is redirecting and running exceptionally slowly. The only program that has been added or downloaded is Spyware Doctor (after the suspected hijacking).

I followed the six steps per your instructions on what to do before posting. Malwarebytes and SpyDoctor show zero infections. Below are the GMER and OTL logs per the instructions:

Thank you in advance.

Windows 7

OTL logfile created on: 9/2/2010 1:13:15 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jenni\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.24 Gb Total Space | 8.18 Gb Free Space | 6.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNI-HOME-PC
Current User Name: Jenni
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Jenni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - c:\SvcTools\pkg\SLM-Usage\InvMeter.exe (Dell Inc.)
PRC - C:\SvcTools\8.2.0.6\bin\lnchr.exe (Dell Inc.)
PRC - c:\SvcTools\8.2.0.6\bin\lnchr.exe (Dell Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Windows\System32\dldocoms.exe ( )
PRC - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
PRC - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Jenni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (SMA8.2.0.6) -- c:\SvcTools\8.2.0.6\bin\lnchr.exe (Dell Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (dldo_device) -- C:\Windows\System32\dldocoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100902.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100902.004\NAVENG.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 BB 3B 19 CA 5D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/03 14:18:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 12:49:03 | 000,000,000 | ---D | M]

[2010/04/18 13:08:26 | 000,000,000 | ---D | M] -- C:\Users\Jenni\AppData\Roaming\Mozilla\Extensions
[2010/08/10 07:39:46 | 000,000,000 | ---D | M] -- C:\Users\Jenni\AppData\Roaming\Mozilla\Firefox\Profiles\qbtemz1s.default\extensions
[2010/04/23 17:37:21 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Jenni\AppData\Roaming\Mozilla\Firefox\Profiles\qbtemz1s.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/04/18 13:09:45 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Jenni\AppData\Roaming\Mozilla\Firefox\Profiles\qbtemz1s.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010/04/30 19:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/30 19:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/30 19:28:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SMA8.2.0.6] c:\SvcTools\8.2.0.6\bin\lnchr.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ctn.webex.co...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cc973ad6-6279-11df-b1c4-002170f81d69}\Shell - "" = AutoRun
O33 - MountPoints2\{cc973ad6-6279-11df-b1c4-002170f81d69}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/02 12:29:39 | 000,000,000 | ---D | C] -- C:\Users\Jenni\AppData\Roaming\Malwarebytes
[2010/09/02 12:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/02 12:28:52 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jenni\Desktop\mbam-setup.exe
[2010/09/02 12:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jenni\Documents\fix pc tools
[2010/09/02 12:25:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/02 12:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/02 12:22:16 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jenni\Desktop\erunt-setup.exe
[2010/09/02 11:51:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jenni\Desktop\TFC.exe
[2010/09/02 10:09:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jenni\Desktop\OTL.exe
[2010/08/28 09:52:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/28 09:52:01 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/28 09:52:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/28 09:51:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/28 09:51:58 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/28 09:51:58 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/28 09:51:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/28 09:51:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/28 09:51:38 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/28 09:51:38 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/24 01:00:27 | 000,000,000 | ---D | C] -- C:\02e2b1f16d904bcdcc29e2
[2010/08/23 20:52:42 | 000,000,000 | ---D | C] -- C:\Users\Jenni\AppData\Local\Threat Expert
[2010/08/23 20:50:21 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/08/23 20:50:21 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/08/23 20:50:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/08/23 20:49:14 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/08/23 20:49:14 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/08/23 20:49:08 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/08/23 20:49:08 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/08/23 20:48:45 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/08/23 20:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/23 20:48:39 | 000,000,000 | ---D | C] -- C:\Users\Jenni\AppData\Roaming\PC Tools
[2010/08/23 20:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/23 20:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/23 20:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/16 08:41:16 | 000,000,000 | ---D | C] -- C:\Users\Jenni\AppData\Roaming\968 Series
[2010/08/15 21:16:59 | 000,000,000 | ---D | C] -- C:\logs
[2010/08/15 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010/08/15 21:13:02 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XPNG.DEL
[2010/08/15 21:13:02 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XTIF.DEL
[2010/08/15 21:13:02 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31IMG.DIL
[2010/08/15 21:13:01 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMGMAN32.DLL
[2010/08/15 21:13:01 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMHOST32.DLL
[2010/08/15 21:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\968 Series
[2010/08/15 21:12:00 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2010/08/15 21:12:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2010/08/15 21:11:58 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe
[2010/08/15 21:11:57 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dldogf.dll
[2010/08/15 21:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Dell 968 AIO Printer
[2010/08/14 12:23:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/14 12:22:41 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/14 12:22:22 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/14 12:22:22 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2007/09/10 19:46:54 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2007/09/10 19:43:36 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2007/09/10 19:43:28 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2007/09/10 19:43:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2007/09/10 19:41:50 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2007/09/10 19:41:10 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2007/09/10 19:40:24 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2007/09/10 19:36:50 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2007/09/10 19:36:28 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll

========== Files - Modified Within 30 Days ==========

[2010/09/02 13:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/02 13:13:49 | 003,670,016 | -HS- | M] () -- C:\Users\Jenni\NTUSER.DAT
[2010/09/02 12:52:35 | 000,284,915 | ---- | M] () -- C:\Users\Jenni\Desktop\gmer.zip
[2010/09/02 12:29:00 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jenni\Desktop\mbam-setup.exe
[2010/09/02 12:24:58 | 000,000,894 | ---- | M] () -- C:\Users\Jenni\Desktop\NTREGOPT.lnk
[2010/09/02 12:24:58 | 000,000,875 | ---- | M] () -- C:\Users\Jenni\Desktop\ERUNT.lnk
[2010/09/02 12:23:36 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/02 12:23:36 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/02 12:22:17 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jenni\Desktop\erunt-setup.exe
[2010/09/02 12:20:32 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/02 12:20:32 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/02 12:20:32 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/02 12:16:50 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/02 12:16:31 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/02 12:16:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/02 12:16:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/02 12:16:07 | 2809,057,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/02 12:10:41 | 001,834,200 | -H-- | M] () -- C:\Users\Jenni\AppData\Local\IconCache.db
[2010/09/02 11:51:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jenni\Desktop\TFC.exe
[2010/09/02 10:09:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jenni\Desktop\OTL.exe
[2010/08/31 08:49:48 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\HFCleanup1.job
[2010/08/25 12:49:05 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/24 14:12:34 | 000,000,473 | ---- | M] () -- C:\ProgramData\dldo
[2010/08/23 20:49:15 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/08/15 21:17:15 | 000,020,342 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2010/08/15 21:13:18 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Dell Printer Supplies - Inkjet.LNK
[2010/08/14 13:58:52 | 000,285,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/03 15:42:22 | 000,026,112 | ---- | M] () -- C:\Users\Jenni\Documents\class descriptions for nvcc_Fall 2010.doc

========== Files Created - No Company Name ==========

[2010/09/02 12:52:34 | 000,284,915 | ---- | C] () -- C:\Users\Jenni\Desktop\gmer.zip
[2010/09/02 12:24:58 | 000,000,894 | ---- | C] () -- C:\Users\Jenni\Desktop\NTREGOPT.lnk
[2010/09/02 12:24:58 | 000,000,875 | ---- | C] () -- C:\Users\Jenni\Desktop\ERUNT.lnk
[2010/08/31 08:50:23 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/31 08:49:48 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\HFCleanup1.job
[2010/08/23 20:54:35 | 000,012,880 | ---- | C] () -- C:\ProgramData\dldo.log
[2010/08/23 20:50:21 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/08/23 20:50:21 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/08/23 20:50:21 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/08/23 20:50:21 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/08/23 20:50:21 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/08/23 20:49:14 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/08/23 20:49:08 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/08/23 20:49:08 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/08/23 20:48:51 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/08/23 20:48:45 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/08/15 21:18:16 | 000,000,473 | ---- | C] () -- C:\ProgramData\dldo
[2010/08/15 21:16:03 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2010/08/15 21:13:18 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Dell Printer Supplies - Inkjet.LNK
[2010/08/15 21:13:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2010/08/15 21:13:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2010/08/15 21:13:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2010/08/15 21:13:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2010/08/15 21:12:04 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2010/08/15 21:12:03 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2010/08/15 21:11:59 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2010/08/15 21:11:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2010/08/15 21:11:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2010/08/15 21:11:58 | 000,691,756 | ---- | C] () -- C:\Windows\System32\DLDOhelp.chm
[2010/08/15 21:11:58 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2010/08/15 21:11:57 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2010/08/15 21:11:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2010/08/15 21:11:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2010/08/15 21:11:56 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2010/08/15 21:11:48 | 000,020,342 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2010/08/03 15:35:32 | 000,026,112 | ---- | C] () -- C:\Users\Jenni\Documents\class descriptions for nvcc_Fall 2010.doc
[2009/11/12 19:20:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/08 12:27:58 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2009/11/08 12:27:58 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
[2009/11/08 12:27:58 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2009/11/08 12:27:58 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/09/06 21:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/08/31 19:51:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/08/01 09:15:52 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2007/06/14 21:45:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 9/2/2010 10:09:41 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jenni\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.24 Gb Total Space | 5.62 Gb Free Space | 4.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNI-HOME-PC
Current User Name: Jenni
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Dell 968 AIO Printer" = Dell 968 AIO Printer
"Dell Webcam Central" = Dell Webcam Central
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MESOL" = Intel® Active Management Technology
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"POP Peeper" = POP Peeper
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Spyware Doctor" = Spyware Doctor 7.0
"uTorrent" = µTorrent
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 11:56:03 AM | Computer Name = Jenni-Home-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1358 Start
Time: 01cb445221e5b921 Termination Time: 10 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 3ca8c270-b061-11df-bc18-002170f81d69

Error - 8/25/2010 11:59:58 AM | Computer Name = Jenni-Home-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 8/25/2010 12:08:39 PM | Computer Name = Jenni-Home-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Risk Found!Downloader in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2a5cd7-5c3f9556>>JavaUpdateManager.class
by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was
deleted successfully. Security Risk Found!Downloader in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2a5cd7-5c3f9556>>JavaUpdateManager.class
by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was
deleted successfully. Security Risk Found!Downloader in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2a5cd7-5c3f9556
by: Manual scan. Action: Compressed file processing succeeded. Action Description:
The file was left unchanged. Risk Found!Downloader in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2a5cd7-5c3f9556
by: Manual scan. Action: Compressed file processing succeeded. Action Description:
The file was left unchanged.

Error - 8/25/2010 12:08:42 PM | Computer Name = Jenni-Home-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Risk Found!Trojan Horse in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\bfd9b43-74b7c912>>quote/GReader.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan Horse in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\bfd9b43-74b7c912>>quote/GReader.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Security Risk Found!Trojan Horse in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\bfd9b43-74b7c912
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Risk Found!Trojan Horse in File: c:\Users\Jenni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\bfd9b43-74b7c912
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 8/25/2010 2:18:44 PM | Computer Name = Jenni-Home-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 130c Start
Time: 01cb4481c5417be4 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 2e8b91ed-b075-11df-bedf-002170f81d69

Error - 8/25/2010 2:21:42 PM | Computer Name = Jenni-Home-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 8/26/2010 9:53:11 AM | Computer Name = Jenni-Home-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 508 Start
Time: 01cb45256688d434 Termination Time: 10 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 3b8d9be6-b119-11df-950b-002170f81d69

Error - 8/30/2010 8:50:56 AM | Computer Name = Jenni-Home-PC | Source = Windows Backup | ID = 4103
Description =

Error - 8/31/2010 7:07:38 AM | Computer Name = Jenni-Home-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3d8 Start
Time: 01cb48f34764509b Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 8/31/2010 7:20:45 AM | Computer Name = Jenni-Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: jscript.dll, version: 5.8.7600.16385,
time stamp: 0x4a5bda08 Exception code: 0xc0000005 Fault offset: 0x00024b45 Faulting
process id: 0xf3c Faulting application start time: 0x01cb48fcb961450d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\jscript.dll
Report
Id: cbfd3666-b4f1-11df-95c4-002170f81d69

[ System Events ]
Error - 8/31/2010 11:46:23 PM | Computer Name = Jenni-Home-PC | Source = WudfUsbccidDriver | ID = 12
Description =

Error - 9/1/2010 9:26:22 AM | Computer Name = Jenni-Home-PC | Source = WudfUsbccidDriver | ID = 12
Description =

Error - 9/1/2010 9:26:24 AM | Computer Name = Jenni-Home-PC | Source = SCardSvr | ID = 610
Description =

Error - 9/1/2010 9:26:24 AM | Computer Name = Jenni-Home-PC | Source = WudfUsbccidDriver | ID = 12
Description =

Error - 9/1/2010 9:47:34 AM | Computer Name = Jenni-Home-PC | Source = BROWSER | ID = 8032
Description =

Error - 9/1/2010 7:19:30 PM | Computer Name = Jenni-Home-PC | Source = WudfUsbccidDriver | ID = 12
Description =

Error - 9/1/2010 7:19:33 PM | Computer Name = Jenni-Home-PC | Source = WudfUsbccidDriver | ID = 12
Description =

Error - 9/1/2010 7:19:34 PM | Computer Name = Jenni-Home-PC | Source = SCardSvr | ID = 610
Description =

Error - 9/1/2010 7:19:34 PM | Computer Name = Jenni-Home-PC | Source = WudfUsbccidDriver | ID = 12
Description =

Error - 9/1/2010 7:35:29 PM | Computer Name = Jenni-Home-PC | Source = BROWSER | ID = 8032
Description =


< End of report >
-----------------------------------------------------------------------------------------------------------------------------------------


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-02 13:04:37
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Jenni\AppData\Local\Temp\agryyaoc.sys


---- System - GMER 1.0.15 ----

SSDT 87BD25B0 ZwConnectPort
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8CF6B2D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8CF6B4C8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8CF6B6D0]
SSDT 87C5C9D8 ZwResumeThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8CF6AF44]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A47AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A47104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A473F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A302D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A2F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A471DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A47958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A476F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A47F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A481A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 836605C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83685052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 30C 8368C90C 4 Bytes [B0, 25, BD, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 35C 8368C95C 8 Bytes [D6, B2, F6, 8C, C8, B4, F6, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 394 8368C994 4 Bytes [D0, B6, F6, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 8368CCE0 4 Bytes [D8, C9, C5, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 7E8 8368CDE8 4 Bytes [44, AF, F6, 8C]
.text peauth.sys A7B4EC9D 28 Bytes JMP DBCFF4AD
.text peauth.sys A7B4ECC1 28 Bytes JMP DBCFF4D1
PAGE peauth.sys A7B54B9B 9 Bytes [E0, 2F, B4, C5, 7F, CA, 65, ...]
PAGE peauth.sys A7B54BA9 58 Bytes [05, 12, CE, 23, 1E, C7, A1, ...]
PAGE peauth.sys A7B54BEC 111 Bytes [6E, 7E, AC, A8, A6, 6B, D3, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!CreateWindowExW 77250E51 5 Bytes JMP 67068157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxIndirectParamW 77274AA7 5 Bytes JMP 6718F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxParamW 7727564A 5 Bytes JMP 66F84BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxParamA 7728CF6A 5 Bytes JMP 6718F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxIndirectParamA 7728D29C 5 Bytes JMP 6718F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxIndirectA 7729E8C9 5 Bytes JMP 6718F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxIndirectW 7729E9C3 5 Bytes JMP 6718F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxExA 7729EA29 5 Bytes JMP 6718F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxExW 7729EA4D 5 Bytes JMP 6718F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!UnhookWindowsHookEx 7724CC7B 5 Bytes JMP 6707835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!CallNextHookEx 7724CC8F 5 Bytes JMP 67059D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!CreateWindowExW 77250E51 5 Bytes JMP 67068157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!SetWindowsHookExW 7725210A 5 Bytes JMP 67014633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!DialogBoxIndirectParamW 77274AA7 5 Bytes JMP 6718F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!DialogBoxParamW 7727564A 5 Bytes JMP 66F84BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!DialogBoxParamA 7728CF6A 5 Bytes JMP 6718F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!DialogBoxIndirectParamA 7728D29C 5 Bytes JMP 6718F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!MessageBoxIndirectA 7729E8C9 5 Bytes JMP 6718F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!MessageBoxIndirectW 7729E9C3 5 Bytes JMP 6718F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!MessageBoxExA 7729EA29 5 Bytes JMP 6718F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] USER32.dll!MessageBoxExW 7729EA4D 5 Bytes JMP 6718F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] ole32.dll!OleLoadFromStream 76055B88 5 Bytes JMP 6718FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4800] ole32.dll!CoCreateInstance 760A57FC 5 Bytes JMP 67068C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!UnhookWindowsHookEx 7724CC7B 5 Bytes JMP 6707835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!CallNextHookEx 7724CC8F 5 Bytes JMP 67059D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!CreateWindowExW 77250E51 5 Bytes JMP 67068157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!SetWindowsHookExW 7725210A 5 Bytes JMP 67014633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!DialogBoxIndirectParamW 77274AA7 5 Bytes JMP 6718F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!DialogBoxParamW 7727564A 5 Bytes JMP 66F84BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!DialogBoxParamA 7728CF6A 5 Bytes JMP 6718F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!DialogBoxIndirectParamA 7728D29C 5 Bytes JMP 6718F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!MessageBoxIndirectA 7729E8C9 5 Bytes JMP 6718F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!MessageBoxIndirectW 7729E9C3 5 Bytes JMP 6718F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!MessageBoxExA 7729EA29 5 Bytes JMP 6718F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] USER32.dll!MessageBoxExW 7729EA4D 5 Bytes JMP 6718F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] ole32.dll!OleLoadFromStream 76055B88 5 Bytes JMP 6718FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5036] ole32.dll!CoCreateInstance 760A57FC 5 Bytes JMP 67068C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


#2
IndiGenus (Anti-Malware Buddha, Member, 1,617 posts)
Hi Captain_Irie and welcome to the forums.

:)

Sorry for the delay in getting to your post here.

My name is Dave. I would be glad to take a look at your logs and help you with solving any malware problems. The logs that we ask for can sometimes take a while to research so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Malware and the removal process can pose a risk of data loss. Also, with some infections we may advise you to reformat and re-install Windows. I recommend you make a backup of any data that you have created, such as documents, pictures, music, etc... before we begin the fix if possible.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#3
Captain_Irie

    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi Dave,
Thanks for your response : )

Sorry for the late response, I have been out of town on business but am now back for the month. I appreciate you getting back to me.

I ran TDSSKiller and found no infections, the logs are below.

Note: Symantec has been finding JS Security tool

2010/09/16 09:41:29.0845 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 09:41:29.0845 ================================================================================
2010/09/16 09:41:29.0845 SystemInfo:
2010/09/16 09:41:29.0845
2010/09/16 09:41:29.0845 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/16 09:41:29.0845 Product type: Workstation
2010/09/16 09:41:29.0845 ComputerName: JENNI-HOME-PC
2010/09/16 09:41:29.0845 UserName: Jenni
2010/09/16 09:41:29.0845 Windows directory: C:\Windows
2010/09/16 09:41:29.0845 System windows directory: C:\Windows
2010/09/16 09:41:29.0845 Processor architecture: Intel x86
2010/09/16 09:41:29.0845 Number of processors: 2
2010/09/16 09:41:29.0845 Page size: 0x1000
2010/09/16 09:41:29.0845 Boot type: Normal boot
2010/09/16 09:41:29.0845 ================================================================================
2010/09/16 09:41:30.0205 Initialize success
2010/09/16 09:41:40.0805 ================================================================================
2010/09/16 09:41:40.0805 Scan started
2010/09/16 09:41:40.0805 Mode: Manual;
2010/09/16 09:41:40.0805 ================================================================================
2010/09/16 09:41:44.0505 ================================================================================
2010/09/16 09:41:44.0505 Scan finished
2010/09/16 09:41:44.0505 ================================================================================
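The report-reading step in post #2 and the pasted TDSSKiller log in post #3 together show what a helper actually checks in such a report: that the scan reached "Scan finished", and whether any line in between reports a detection or a suspicious file. The script below is an added example, not part of TDSSKiller or of either post. The "timestamp message" line layout is taken from the log above; the wordings it matches for detections ("... - detected <threat>") and suspicious files ("Suspicious file (<reason>): <path> ..."), and the second, infected-looking sample report, are assumptions made to exercise the parser, not data from this thread.

```python
"""Summarise a TDSSKiller text report: did the scan finish, and what did it flag?

Added example for this thread, not part of TDSSKiller or of the original posts.
The "timestamp message" line layout follows the log pasted above; the wording
matched for findings and the second sample report are assumptions.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Every report line starts with "YYYY/MM/DD HH:MM:SS.ffff" followed by a message.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s*(.*)$")
TS_FMT = "%Y/%m/%d %H:%M:%S.%f"

# Assumed finding wordings (the thread's own log contains none):
#   "<driver> - detected <threat>"  and  "Suspicious file (<reason>): <path> ..."
DETECTED_RE = re.compile(r"detected[: ]+(.*)", re.IGNORECASE)
SUSPICIOUS_RE = re.compile(r"^suspicious file.*?:\s*(.*)", re.IGNORECASE)


@dataclass
class ScanSummary:
    tool_version: str = ""
    computer: str = ""
    started: Optional[datetime] = None
    finished: Optional[datetime] = None
    detected: List[str] = field(default_factory=list)
    suspicious: List[str] = field(default_factory=list)

    @property
    def completed(self) -> bool:
        return self.started is not None and self.finished is not None

    @property
    def clean(self) -> bool:
        # "Nothing found" only counts if the scan reached "Scan finished" and
        # recorded neither detections nor suspicious files on the way.
        return self.completed and not self.detected and not self.suspicious

    @property
    def duration_seconds(self) -> float:
        return (self.finished - self.started).total_seconds() if self.completed else 0.0


def parse_report(text: str) -> ScanSummary:
    """Walk the report line by line and fill in a ScanSummary."""
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank lines and pasted-in noise
        ts_text, msg = m.group(1), m.group(2).strip()
        if not msg or msg.startswith("="):
            continue                      # empty message or separator rule
        if "rootkit removing tool" in msg:
            s.tool_version = msg.split()[4]        # "... tool 2.4.2.1 Sep 7 2010 ..."
        elif msg.startswith("ComputerName:"):
            s.computer = msg.split(":", 1)[1].strip()
        elif msg == "Scan started":
            s.started = datetime.strptime(ts_text, TS_FMT)
        elif msg == "Scan finished":
            s.finished = datetime.strptime(ts_text, TS_FMT)
        elif (hit := DETECTED_RE.search(msg)):
            s.detected.append(hit.group(1).strip())
        elif (hit := SUSPICIOUS_RE.match(msg)):
            s.suspicious.append(hit.group(1).strip())
    return s


def verdict(s: ScanSummary) -> str:
    """One-line reading of the report, in the order a helper would check it."""
    if not s.completed:
        return "scan did not run to completion; report is inconclusive"
    if s.clean:
        return "scan completed in %.2f s with no detections" % s.duration_seconds
    return "scan completed: %d detected, %d suspicious" % (len(s.detected), len(s.suspicious))


# Sample 1: the clean report pasted in the thread above (trimmed).
CLEAN_REPORT = """\
2010/09/16 09:41:29.0845 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 09:41:29.0845 ================================================================================
2010/09/16 09:41:29.0845 ComputerName: JENNI-HOME-PC
2010/09/16 09:41:40.0805 Scan started
2010/09/16 09:41:40.0805 Mode: Manual;
2010/09/16 09:41:44.0505 Scan finished
"""

# Sample 2: constructed report with findings; driver, path, hashes and threat
# name are made up to exercise the parser.
INFECTED_REPORT = """\
2010/09/16 10:02:11.0100 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 10:02:11.0100 ComputerName: EXAMPLE-PC
2010/09/16 10:02:20.0000 Scan started
2010/09/16 10:02:23.0500 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/16 10:02:25.0000 Suspicious file (Forged): C:\\Windows\\system32\\drivers\\example.sys. Real md5: 00000000000000000000000000000000, Fake md5: ffffffffffffffffffffffffffffffff
2010/09/16 10:02:30.0000 Scan finished
"""

if __name__ == "__main__":
    for name, text in (("clean sample", CLEAN_REPORT), ("constructed sample", INFECTED_REPORT)):
        print(name + ": " + verdict(parse_report(text)))
```

Note that `clean` is deliberately false for a report that stops before "Scan finished": a truncated or interrupted run is inconclusive, not clean. A clean result from one rootkit scanner is also only one data point, which is the same caution Dave gives above about the absence of symptoms.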