Computer will not shut down properly, possible malware?


This topic is locked

#1 PrincessLeia (Member, 43 posts)
My computer currently will not shut down properly and it requires using the back button to turn it off. While it is shutting down, it will say that Internet Explorer is still running and we do not use it as a browser. Also, it will state that other processes are running that we do not use or open.

In addition, I have noticed some types of google redirects but the redirects are not to blocked sites, but to random sites stating that the search site does not exist (when indeed it does), or it will reroute to a completely different site which is usually an advertisement site.

I've had 2 malware infections in this year, and we use Webroot. Currently, Webroot will state that it is blocking sites from a potentially dangerous website and it will find spy cookies and malware such as "zedo cookie."

Does anyone know what is going on here? Is this a combination of something going wrong with my computer in addition to a malware infection?


#2 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

Let's see what's going on. Do the following steps please:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Step 2

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log
  • Extras log

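An added example (my code, not OTL's) of the check behind the custom-scan directives in the post above: the /md5start ... /md5stop block, together with %SYSTEMDRIVE%\*.exe, makes OTL report the MD5 of every copy of explorer.exe, winlogon.exe, userinit.exe and svchost.exe it finds on the system drive, so the helper can spot a patched binary or a copy sitting outside its proper directory. The script below performs the same comparison against a baseline of known-good hashes. The directory tree, file contents, hashes and the two deliberate changes (a rewritten userinit.exe and a stray svchost.exe under a Temp folder) are all constructed for the demonstration; on a real machine the baseline would be the vendor hashes for that Windows build and service pack.

```python
r"""
Baseline hash audit of core Windows binaries, mirroring what OTL's
/md5start ... /md5stop and %SYSTEMDRIVE%\*.exe directives give a helper.
Added example; not OTL's code. All paths, contents and hashes are constructed.
"""
import hashlib
import tempfile
from pathlib import Path

# Where each core binary belongs, relative to the system drive (Windows XP layout,
# matching the %SystemRoot% = C:\WINDOWS reported in the thread's OTL log).
EXPECTED = {
    "explorer.exe": "WINDOWS",
    "winlogon.exe": "WINDOWS/system32",
    "userinit.exe": "WINDOWS/system32",
    "svchost.exe": "WINDOWS/system32",
}


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit(root: Path, baseline: dict) -> list:
    """Walk the drive for copies of the core binaries and compare them to the baseline.

    Returns (kind, file name, path, md5) tuples, kind being one of:
      'modified'        the copy in its proper directory does not match the baseline hash
      'misplaced-copy'  a file with a core binary's name sits somewhere else on the drive
      'missing'         the proper directory holds no copy at all
    """
    findings = []
    seen = set()
    for p in root.rglob("*.exe"):
        name = p.name.lower()
        if name not in EXPECTED:
            continue
        digest = md5_of(p)
        if p.parent.resolve() == (root / EXPECTED[name]).resolve():
            seen.add(name)
            if digest != baseline.get(name):
                findings.append(("modified", name, str(p), digest))
        else:
            findings.append(("misplaced-copy", name, str(p), digest))
    for name in sorted(set(EXPECTED) - seen):
        findings.append(("missing", name, str(root / EXPECTED[name] / name), ""))
    return findings


def build_demo_tree() -> tuple:
    """Construct a throwaway tree standing in for the system drive (constructed sample,
    not real binaries). Returns (root, baseline); the baseline is taken before two
    deliberate changes: userinit.exe is overwritten and a stray svchost.exe is dropped
    under a Temp folder.
    """
    root = Path(tempfile.mkdtemp(prefix="md5demo_"))
    baseline = {}
    for name, rel in EXPECTED.items():
        p = root / rel / name
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"clean build of " + name.encode())
        baseline[name] = md5_of(p)
    (root / "WINDOWS/system32/userinit.exe").write_bytes(b"patched userinit.exe")
    stray = root / "Documents and Settings/user/Local Settings/Temp/svchost.exe"
    stray.parent.mkdir(parents=True, exist_ok=True)
    stray.write_bytes(b"copy of svchost.exe")
    return root, baseline


if __name__ == "__main__":
    demo_root, demo_baseline = build_demo_tree()
    for kind, name, path, digest in audit(demo_root, demo_baseline):
        print(f"{kind:15} {name:14} {digest:32} {path}")
```

The audit deliberately reports a misplaced copy even when its hash matches the baseline: a bit-for-bit copy of svchost.exe in a Temp directory is still a file that should not be there, which is exactly why the helper asks for every copy on the drive rather than only the one in system32.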

#3 PrincessLeia (Topic Starter, Member, 43 posts)
I have the logs. I would also like to mention, after the scans when I attempted to pull up the website to post the logs, Firefox kept crashing. Or, it would redirect me to a different site. The scan doesn't have anything to do with that, does it?

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 20:28:25
-----------------------------
20:28:25.312 OS Version: Windows 5.1.2600 Service Pack 3
20:28:25.312 Number of processors: 1 586 0x801
20:28:25.312 ComputerName: JEREMIAH-KF1Y8X UserName:
20:28:26.406 Initialize success
20:31:56.250 AVAST engine defs: 11090501
20:34:59.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:34:59.359 Disk 0 Vendor: WDC_WD800BB-22FJA0 13.03G13 Size: 76319MB BusType: 3
20:34:59.359 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:34:59.375 Disk 1 Vendor: WDC_WD400BB-00DEA0 05.03E05 Size: 32253MB BusType: 3
20:34:59.375 Device \Driver\atapi -> DriverStartIo 8a25a2e0
20:35:01.390 Disk 0 MBR read successfully
20:35:01.390 Disk 0 MBR scan
20:35:01.406 Disk 0 Windows XP default MBR code found via API
20:35:01.406 Disk 0 unknown MBR code
20:35:01.421 Disk 0 MBR hidden
20:35:01.421 Disk 0 scanning sectors +156280320
20:35:01.453 Disk 0 scanning C:\WINDOWS\system32\drivers
20:35:01.468 Service scanning
20:35:03.468 Modules scanning
20:35:03.703 Disk 0 trace - called modules:
20:35:03.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a25a4c0]<<
20:35:03.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2fbab8]
20:35:03.718 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a356f18]
20:35:03.718 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a2a8d98]
20:35:03.718 \Driver\atapi[0x8a2aeb28] -> IRP_MJ_CREATE -> 0x8a25a4c0
20:35:04.531 AVAST engine scan C:\WINDOWS
20:35:04.875 AVAST engine scan C:\WINDOWS\system32
20:35:05.156 AVAST engine scan C:\WINDOWS\system32\drivers
20:35:05.437 AVAST engine scan C:\Documents and Settings\Jeremiah Schumacher
20:35:05.718 AVAST engine scan C:\Documents and Settings\All Users
20:35:05.734 Scan finished successfully
20:35:21.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.dat"
20:35:21.562 The log file has been saved successfully to "C:\Documents and Settings\Jeremiah Schumacher\Desktop\aswMBR log.txt"


OTL logfile created on: 9/5/2011 8:43:28 PM - Run 8
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 47.96 Gb Free Space | 64.36% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.02 Gb Free Space | 53.74% Space Free | Partition Type: FAT32
Drive F: | 409.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 15:33:56 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe
PRC - [2011/05/10 22:51:32 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2011/03/24 06:42:32 | 000,142,336 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2011/02/27 17:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
PRC - [2010/11/10 18:16:42 | 031,095,432 | ---- | M] (Dmailer S.A.) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/09/22 22:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/04/19 18:04:20 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/11/10 23:15:31 | 000,111,816 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2001/08/06 06:41:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 17:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 19:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/19 18:37:33 | 000,055,808 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srv14C.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srv14C.tmp] -- (srv14C)
SRV - [2011/08/02 19:57:25 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/05/10 22:51:32 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/09/22 22:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2001/08/06 06:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/03/22 10:14:22 | 000,176,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/03/22 10:14:22 | 000,029,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2011/03/22 10:14:22 | 000,023,176 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/06/12 02:01:40 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2005/02/26 12:17:58 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2002/06/06 12:08:38 | 000,337,536 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 17:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2000/10/25 07:27:24 | 000,003,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.pbs.org/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a298ed31-d405-40e2-880f-b7511948e582}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {5e889276-e2a3-4821-8400-34132f0cb12a}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/09 13:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/03 18:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 06:31:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 06:31:40 | 000,000,000 | ---D | M]

[2008/09/01 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Extensions
[2011/09/05 20:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions
[2011/06/19 14:50:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/05 20:38:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}
[2011/08/01 19:07:46 | 000,000,000 | ---D | M] (SporTV Community Toolbar) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
[2011/09/03 08:34:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/30 08:26:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\[email protected]
[2010/11/18 15:37:13 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\[email protected]
[2011/09/05 20:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/24 23:11:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/24 01:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/03 18:54:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/06/29 18:47:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/03/02 08:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2008/09/19 10:36:12 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/17 06:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/07/02 10:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

Hosts file not found
O2 - BHO: (no name) - {021E961F-C02A-4D57-832D-9264684EC5Ad} - C:\WINDOWS\system32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-18..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-19..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-20..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [GoogleServiceService] C:\Documents and Settings\All Users\Application Data\GoogleServiceService.dll (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Dmailer S.A.)
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [wmiWeb64] C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport\wmiWeb64.dll ()
O4 - Startup: C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernet...urferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by104fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1129561795437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalci...illama/ampx.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - https://www.mvrenewa...e.mn.us/dps.gif
O24 - Desktop Components:1 () - http://a7.sphotos.ak...3533357_500.jpg
O24 - Desktop Components:2 () - http://a8.sphotos.ak...3_6277614_n.jpg
O24 - Desktop Components:3 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/12 14:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/22 19:52:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\...exe [@ = exefile] -- "%1" %*

NetSvcs: srv14C - \\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srv14C.tmp ()
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 15:34:01 | 000,239,616 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/05 15:33:59 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\Documents and Settings\All Users\Application Data\GoogleServiceService.dll
[2011/09/05 14:02:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\aswMBR.exe
[2011/09/05 12:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\My Vaults
[2011/09/05 12:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\SanDisk SecureAccess Manager
[2011/09/05 12:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk
[2011/09/05 12:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Proxure
[2011/09/05 12:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/09/05 12:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/09/05 12:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/09/05 12:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/09/05 12:09:30 | 000,000,000 | ---D | C] -- C:\8fd39794d05c79cb3a6ac5d5bd159e59
[2011/09/05 12:08:36 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011/09/05 12:06:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/09/05 12:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/09/04 18:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\tdsskiller
[2011/09/04 18:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\GooredFix Backups
[2011/09/02 22:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport
[2011/08/24 20:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/08/19 22:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/19 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[1 C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Jeremiah Schumacher\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 20:37:34 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\0f825077
[2011/09/05 20:35:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.dat
[2011/09/05 20:24:04 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\ef5faf88
[2011/09/05 20:16:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\f8fa278d
[2011/09/05 19:56:18 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003UA.job
[2011/09/05 18:53:43 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/05 18:53:27 | 000,001,680 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job
[2011/09/05 18:51:42 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/09/05 18:51:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/05 17:32:40 | 003,515,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/05 15:34:01 | 000,239,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/05 15:33:56 | 000,068,608 | ---- | M] (Creative Technology Ltd) -- C:\Documents and Settings\All Users\Application Data\GoogleServiceService.dll
[2011/09/05 14:02:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\aswMBR.exe
[2011/09/05 12:21:47 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\.backup.dm
[2011/09/05 12:11:31 | 000,435,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/05 12:11:31 | 000,068,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/05 01:56:08 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core.job
[2011/08/23 20:01:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/14 14:08:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Jeremiah Schumacher\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 20:35:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.dat
[2011/09/05 15:35:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\f8fa278d
[2011/09/05 15:35:14 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\ef5faf88
[2011/09/05 15:34:37 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\0f825077
[2011/09/05 12:21:47 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\.backup.dm
[2011/09/05 12:11:24 | 000,154,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/20 21:04:56 | 000,015,136 | -HS- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\747073s32x2s4it14g
[2011/05/20 21:04:56 | 000,015,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g
[2011/05/10 18:12:54 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8d3477s2b521076
[2011/05/10 18:12:53 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\8d3477s2b521076
[2011/03/22 10:14:16 | 000,031,104 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/03/22 10:14:10 | 000,016,256 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2011/02/21 19:20:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 19:20:07 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2010/12/27 21:35:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/20 16:44:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/07/28 10:32:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 04:26:58 | 000,041,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 18:35:49 | 000,164,960 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/01/03 18:35:49 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 19:54:53 | 000,146,510 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2009/07/22 19:54:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2008/09/18 15:50:41 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007/04/13 17:42:27 | 000,001,530 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/27 07:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/26 22:30:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 22:13:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/09 20:20:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/09 20:20:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 12:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/05/09 20:24:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/05/09 20:24:14 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msikbd2k.sys
[2005/05/09 20:24:14 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/30 19:51:57 | 000,274,507 | ---- | C] () -- C:\WINDOWS\System32\FXMathLib.dll
[2005/02/27 11:18:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/22 10:08:14 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/02/22 10:08:14 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/02/22 10:08:00 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/02/22 10:08:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/02/22 10:07:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/02/22 10:07:53 | 000,121,329 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2005/02/22 10:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/02/22 10:07:50 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/02/22 10:07:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/02/22 10:04:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2005/02/22 09:58:11 | 000,003,000 | ---- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2005/02/14 16:35:11 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 11:34:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/12 16:02:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/12 15:26:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/12 15:24:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2005/02/12 14:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/12 14:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/10 05:03:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/10 05:02:09 | 003,515,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,435,760 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,068,404 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== LOP Check ==========

[2008/12/09 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2011/09/05 12:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2008/12/09 13:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/01/29 14:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
[2006/01/21 12:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/05/09 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2008/12/09 13:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2005/08/18 18:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/10/24 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/02/28 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2011/03/20 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/08 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/29 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/30 21:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/22 21:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/10/12 19:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Aim
[2008/02/25 16:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Centra
[2010/01/01 13:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/09/20 12:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HorizonWimba
[2006/01/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HotSync
[2006/01/24 12:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Leadertech
[2005/09/06 01:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Ohmay
[2007/04/12 20:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Professional
[2010/09/25 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Qeybl
[2008/02/25 16:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Saba
[2011/09/05 17:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk
[2010/12/30 21:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\start
[2010/10/06 20:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\StreamTorrent
[2008/10/29 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Viewpoint
[2011/09/05 18:51:42 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/09/05 18:53:27 | 000,001,680 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2003/03/31 07:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/02 06:31:30 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/02 06:31:30 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/02 06:31:30 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/02 06:31:24 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/02 06:31:24 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/02 06:31:24 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\internet explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/02 06:31:30 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/02 06:31:30 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/02 06:31:30 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/02 06:31:24 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/02 06:31:24 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/02 06:31:24 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\internet explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 9/5/2011 8:43:28 PM - Run 8
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 47.96 Gb Free Space | 64.36% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.02 Gb Free Space | 53.74% Space Free | Partition Type: FAT32
Drive F: | 409.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\SpywareDetector\LiveUpdateSD.exe" = C:\Program Files\SpywareDetector\LiveUpdateSD.exe:*:Enabled:Spyware Detector Liveupdate
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\magicg\Magic\Manalink.exe" = C:\Program Files\Mozilla Firefox\magicg\Magic\Manalink.exe:*:Disabled:manalink -- (MicroProse Software, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}" = Web Office Pro Keyboard
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D7B2217-6055-4678-8E99-3FBECD0F65F9}" = CinemaNow Media Manager
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4809d4c-1f28-41cc-8578-a72b75defb39}" = D2600
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E03F902A-7F44-430E-A2E8-8A745A25443D}" = SymNet
"{e382eb50-c5f2-42ca-bad0-901a12fc81ba}" = DJ_SF_05_D2600_Software_Min
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA6197F3-B467-4c70-B450-42D9E0C11400}" = HP Deskjet D2600 Printer Driver Software 12.0 Rel .5
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Battleship" = Battleship
"CentraClient" = Centra Client
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"C-Media Audio" = C-Media 3D Audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"dcmsvc_is1" = dcmsvc 1.0
"Digital Editions" = Adobe Digital Editions
"DMM" = TDK Digital MixMaster
"EXPRESSBURN" = Express Burn
"Global Trading System" = Global Trading System
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InCD!UninstallKey" = InCD (Ahead Software)
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero Express (Web installer)
"RealPlayer 6.0" = RealPlayer
"Registry Patrol v3.0" = Registry Patrol v3.0
"S3" = UniChrome IGP Driver and Utilities
"ShockwaveFlash" = Adobe Flash Player 9
"Shop for HP Supplies" = Shop for HP Supplies
"StreamTorrent 1.0" = StreamTorrent 1.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPMedic_is1" = XPMedic
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Abacast Client" = Abacast Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2011 1:28:35 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5219

Error - 9/5/2011 1:46:00 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/5/2011 1:46:00 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1050360

Error - 9/5/2011 1:46:00 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1050360

Error - 9/5/2011 1:46:03 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/5/2011 1:46:03 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1053297

Error - 9/5/2011 1:46:03 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1053297

Error - 9/5/2011 1:46:05 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/5/2011 1:46:05 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1055313

Error - 9/5/2011 1:46:05 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1055313

[ System Events ]
Error - 9/5/2011 12:40:04 AM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/5/2011 12:40:04 AM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7023
Description = The srv14C service terminated with the following error: %%127

Error - 9/5/2011 10:44:22 AM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/5/2011 10:44:22 AM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7023
Description = The srv14C service terminated with the following error: %%127

Error - 9/5/2011 12:03:44 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/5/2011 12:03:44 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7023
Description = The srv14C service terminated with the following error: %%127

Error - 9/5/2011 6:32:54 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/5/2011 6:32:54 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7023
Description = The srv14C service terminated with the following error: %%127

Error - 9/5/2011 7:53:30 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/5/2011 7:53:30 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7023
Description = The srv14C service terminated with the following error: %%127


< End of report >
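The Security Center and Firewall blocks in the OTL log above are plain registry values, and the ones that matter for triage can be pulled out mechanically instead of scrolled past. The script below is an added example, not part of this thread and not OTL's own code: it parses the [HKEY_...] / "Name" = value layout OTL prints and flags the weak values. SAMPLE_LOG is a constructed excerpt that reuses the values posted above; RULES and the wording of each finding are this example's own, based on the documented meaning of those Windows XP keys (EnableFirewall = 0 turns Windows Firewall off for that profile, DisableNotifications = 1 hides the block prompts, AntiVirusOverride and FirewallOverride = 1 tell Security Center to stop monitoring a third-party product, and DisableMonitoring = 1 under a vendor subkey does the same for that vendor).

```python
"""Triage the Security Center and Firewall blocks of an OTL-style log.

Added example, not part of the thread or of OTL. SAMPLE_LOG is a constructed
excerpt that reuses the values posted above; RULES is this example's own table
of settings worth flagging, based on the documented meaning of the keys.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in OTL's layout (the values match the posted log).
SAMPLE_LOG = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")       # [HKEY_LOCAL_MACHINE\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name" = value


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: value}} for every [HKEY_...] block in the text."""
    settings: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            settings.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            settings[current][value.group(1)] = value.group(2).strip()
    return settings


# (key suffix, value name, value that is a finding, description). Matching on
# the suffix keeps the rules independent of the hive prefix OTL prints.
RULES: List[Tuple[str, str, str, str]] = [
    ("FirewallPolicy\\DomainProfile", "EnableFirewall", "0",
     "Windows Firewall is off for the Domain profile"),
    ("FirewallPolicy\\StandardProfile", "EnableFirewall", "0",
     "Windows Firewall is off for the Standard profile"),
    ("FirewallPolicy\\DomainProfile", "DisableNotifications", "1",
     "Firewall block notifications are suppressed (Domain profile)"),
    ("FirewallPolicy\\StandardProfile", "DisableNotifications", "1",
     "Firewall block notifications are suppressed (Standard profile)"),
    ("Microsoft\\Security Center", "AntiVirusOverride", "1",
     "Security Center is told not to monitor antivirus state"),
    ("Microsoft\\Security Center", "FirewallOverride", "1",
     "Security Center is told not to monitor firewall state"),
]


def find_weak_settings(settings: Dict[str, Dict[str, str]]) -> List[str]:
    """Apply RULES, and flag any vendor subkey under Monitoring with DisableMonitoring = 1."""
    findings: List[str] = []
    for key, values in settings.items():
        for suffix, name, flagged, text in RULES:
            if key.endswith(suffix) and values.get(name) == flagged:
                findings.append(f"{text} ({name} = {flagged})")
        if "\\Security Center\\Monitoring\\" in key and values.get("DisableMonitoring") == "1":
            vendor = key.rsplit("\\", 1)[1]
            findings.append(f"Security Center monitoring is disabled for {vendor}")
    return findings


if __name__ == "__main__":
    for finding in find_weak_settings(parse_registry_dump(SAMPLE_LOG)):
        print("-", finding)
```

Run against the excerpt it lists seven findings: the firewall is off with notifications suppressed in both profiles, both Security Center overrides are set, and monitoring is disabled for SymantecAntiVirus. The log alone cannot say whether those values were changed by malware or left behind by a removed Symantec product; the point of the script is to surface them so the helper can ask that question rather than miss it.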

#4
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi,

Please do the following now:

  • On your desktop should be a file MBR.dat.
  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply

NEXT...

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#5
PrincessLeia
    Member
  • Topic Starter
  • Member
  • 43 posts
Here you go:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 sshrmd.sys
0xF7617000 ssfs0bbc.sys
0xF74C9000 ssidrv.sys
0xF749C000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xF7707000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xF798B000 viaide.sys
0xF770F000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF747D000 ftdisk.sys
0xF798D000 dmload.sys
0xF7457000 dmio.sys
0xF7717000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF743F000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF741F000 fltmgr.sys
0xF740D000 sr.sys
0xF789B000 bsstor.sys
0xF7880000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7667000 uagp35.sys
0xBA7E6000 Mup.sys
0xF7913000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7697000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xBA6B5000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xBA6A1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA66B000 \SystemRoot\System32\DRIVERS\HSFBS2S2.sys
0xBA648000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA549000 \SystemRoot\System32\DRIVERS\HSFDPSP2.sys
0xBA4A1000 \SystemRoot\System32\DRIVERS\HSFCXTS2.sys
0xF774F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7993000 \SystemRoot\System32\Drivers\vulfnth.sys
0xF775F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xBA47D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7767000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF777F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA3B5000 \SystemRoot\system32\drivers\cmuda.sys
0xBA391000 \SystemRoot\system32\drivers\portcls.sys
0xF76D7000 \SystemRoot\system32\drivers\drmk.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF779F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF76F7000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7933000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA37D000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7587000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7995000 \SystemRoot\System32\DRIVERS\msikbd2k.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7A90000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7577000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF793F000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xBA2C6000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7567000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7557000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA28D000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7547000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77CF000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\raspti.sys
0xBA25D000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7537000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF77EF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF799B000 \SystemRoot\System32\DRIVERS\swenum.sys
0xBA1FF000 \SystemRoot\System32\DRIVERS\update.sys
0xBA7B2000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7517000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA6E2000 \SystemRoot\System32\Drivers\vulfntr.sys
0xF74F7000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF799F000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A79000 \SystemRoot\System32\Drivers\Null.SYS
0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS
0xB91B6000 \??\C:\WINDOWS\system32\drivers\SBREdrv.sys
0xF773F000 \SystemRoot\System32\drivers\vga.sys
0xF79AF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7757000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF792B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB9133000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB90DA000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB908A000 \SystemRoot\System32\DRIVERS\netbt.sys
0xBA76E000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB8FB2000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xBA2B6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA75E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7797000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8F90000 \SystemRoot\System32\drivers\afd.sys
0xBA74E000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB8F65000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB8EF5000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA2AA000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xBA73E000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA2A2000 \SystemRoot\system32\DRIVERS\IPFilter.sys
0xBA29E000 \SystemRoot\System32\Drivers\ASPI32.SYS
0xB8E2D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA70E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8E15000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA1D7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77F7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB91CE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBF1EF000 \SystemRoot\System32\ATMFD.DLL
0xB644A000 \SystemRoot\system32\drivers\wdmaud.sys
0xB641D000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB659F000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79A9000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5D1E000 \SystemRoot\System32\DRIVERS\HSF_FALL.sys
0xB5D01000 \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
0xB5B11000 \SystemRoot\System32\DRIVERS\HSF_K56K.sys
0xB6090000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xB5A91000 \SystemRoot\System32\DRIVERS\srv.sys
0xB8ECB000 \SystemRoot\system32\SetupNT.sys
0xB5948000 \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
0xB658F000 \SystemRoot\System32\DRIVERS\HSF_TONE.sys
0xB58D0000 \SystemRoot\System32\DRIVERS\HSF_V124.sys
0xB51AF000 \SystemRoot\System32\Drivers\HTTP.sys
0xB494D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
712 csrss.exe
744 C:\WINDOWS\system32\winlogon.exe
788 C:\WINDOWS\system32\services.exe
800 C:\WINDOWS\system32\lsass.exe
960 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
992 C:\WINDOWS\system32\svchost.exe
1096 svchost.exe
1192 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1384 svchost.exe
1464 C:\WINDOWS\system32\spoolsv.exe
1716 svchost.exe
1816 C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
1832 C:\WINDOWS\system32\svchost.exe
1888 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1964 C:\WINDOWS\explorer.exe
1992 C:\Program Files\Bonjour\mDNSResponder.exe
260 C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
460 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
492 C:\WINDOWS\system32\svchost.exe
508 C:\Program Files\Java\jre6\bin\jqs.exe
516 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
344 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
1056 C:\Program Files\dcmsvc\dcmsvc.exe
1264 C:\WINDOWS\system32\svchost.exe
1292 C:\WINDOWS\system32\svchost.exe
1536 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1672 C:\Program Files\Common Files\Java\Java Update\jusched.exe
612 C:\WINDOWS\system32\tcpsvcs.exe
1752 C:\Program Files\iTunes\iTunesHelper.exe
1984 C:\WINDOWS\system32\snmp.exe
312 C:\WINDOWS\system32\rundll32.exe
324 C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
332 C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe
360 C:\WINDOWS\system32\rundll32.exe
396 C:\WINDOWS\system32\svchost.exe
624 C:\Program Files\Viewpoint\Common\ViewpointService.exe
864 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
1364 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3324 C:\Program Files\iPod\bin\iPodService.exe
4048 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
4076 C:\WINDOWS\system32\wscntfy.exe
2784 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3052 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
2164 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
236 C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
3044 C:\Program Files\Mozilla Firefox\firefox.exe
2508 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
3824 SSU.exe
2812 C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD800BB-22FJA0, Rev: 13.03G13
PhysicalDrive1 Model Number: WDCWD400BB-00DEA0, Rev: 05.03E05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEB181963CE32F6B11B754CA9C8C7C95D90DBAFC
31 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 97170AB11D0D4C2107649122304A6CAEC2AF2E80


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Attached Files

  • Attached File  MBR.zip   539bytes   22 downloads

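MBRCheck prints a SHA1 next to each verdict above, so its "Unknown MBR code" result is a hash comparison against boot loaders it recognises. The script below is an added example, not the poster's MBR.dat and not MBRCheck's own code: it parses a 512-byte MBR, checks the 0x55AA signature, hashes the bootstrap-code region and decodes the partition table, so the same kind of check can be run on a sector image taken offline. The sector returned by build_sample_mbr() is constructed; hashing bytes 0..439 (the boot code, excluding the disk signature and partition table) and the KNOWN_GOOD table are this example's choices, not a statement of exactly what MBRCheck hashes. The single partition in the sample starts at LBA 63, which is why its byte offset comes out as 0x7E00, the same offset MBRCheck printed for C: and D: above.

```python
"""Parse a 512-byte MBR: boot signature, bootstrap-code hash, partition table.

Added example, not the poster's MBR.dat and not MBRCheck's own code. The
sector from build_sample_mbr() is constructed. Hashing bytes 0..439 and the
KNOWN_GOOD table are this example's choices, not a description of MBRCheck.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR = 512
CODE_LEN = 440            # bootstrap code: the region a bootkit replaces
DISK_SIG_OFFSET = 440     # 4-byte NT disk signature, then 2 reserved bytes
PT_OFFSET = 446           # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"    # bytes 510..511

PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        """Offset of the partition's first sector, as MBRCheck prints it."""
        return self.lba_start * SECTOR

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"0x{self.type_id:02X}")


@dataclass
class MbrInfo:
    code_sha1: str
    disk_signature: int
    partitions: List[Partition]


def parse_mbr(sector: bytes) -> MbrInfo:
    """Decode one MBR. Raises ValueError on wrong length or missing 0x55AA signature."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    code_sha1 = hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions: List[Partition] = []
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if type_id == 0:
            continue  # empty slot
        partitions.append(Partition(i, status == 0x80, type_id, lba_start, sectors))
    return MbrInfo(code_sha1, disk_sig, partitions)


def classify(info: MbrInfo, known_good: Dict[str, str]) -> str:
    """Name the loader if its code hash is known, else MBRCheck's wording for a miss."""
    return known_good.get(info.code_sha1, "Unknown MBR code")


def build_sample_mbr(code: bytes = b"\xEB\xFE" + b"\x90" * 438) -> bytes:
    """Constructed sector: 'jmp $' stub as boot code, one bootable NTFS partition at LBA 63."""
    if len(code) != CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 156_296_322)  # constructed sizes
    sector = (code + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
              + entry + b"\x00" * 48 + BOOT_SIG)
    assert len(sector) == SECTOR
    return sector


# Constructed allow-list: only the sample stub is "known"; any change to the
# 440 code bytes (what a bootkit does) drops to "Unknown MBR code".
KNOWN_GOOD: Dict[str, str] = {parse_mbr(build_sample_mbr()).code_sha1: "constructed sample stub"}


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(f"code SHA1: {info.code_sha1}  verdict: {classify(info, KNOWN_GOOD)}")
    for p in info.partitions:
        print(f"  partition {p.index}: {p.type_name}, bootable={p.bootable}, "
              f"LBA {p.lba_start} -> byte offset 0x{p.byte_offset:X}")
```

Changing a single byte of the boot code (the tampered sector in the test) leaves the partition table and disk signature intact but changes the hash, which is exactly the situation a tool like MBRCheck is reporting when the partitions still look normal yet the code is not one it knows. An unknown hash is not proof of infection on its own: OEM and third-party boot managers also produce code MBRCheck does not list, which is why the helper above kept the MBR.dat for a closer look rather than acting on the verdict alone.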

#6
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts

The scan doesn't have anything to do with that, does it?

No. I'm still looking into the master boot record and possible malicious hooks, so don't worry. Please proceed with this:

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#7
PrincessLeia
    Member
  • Topic Starter
  • Member
  • 43 posts
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF012000 C:\WINDOWS\System32\vtdisp.dll 1953792 bytes (VIA/S3 Graphics, Inc., VIA/S3G UniChrome(Pro) IGP Driver)
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBA549000 C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBA3B5000 C:\WINDOWS\system32\drivers\cmuda.sys 819200 bytes (C-Media Inc, C-Media Audio WDM Driver)
0xBA4A1000 C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5470000 C:\WINDOWS\System32\DRIVERS\HSF_V124.sys 491520 bytes (Conexant, V124NT driver)
0xB8EF5000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5799000 C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys 393216 bytes (Conexant, K56NT driver)
0xBA1FF000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB90DA000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB5631000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF1EF000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB58DE000 C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys 290816 bytes (Conexant, Fallback driver)
0xB4CD7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8FB2000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xBA66B000 C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB5510000 C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys 200704 bytes (Conexant, FaxNT driver)
0xBA25D000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF74C9000 ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xB64EA000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF749C000 C:\WINDOWS\system32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB48BE000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB8F65000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB908A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7457000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB8E23000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xBA391000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xBA47D000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xBA648000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB8F90000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBA6B5000 C:\WINDOWS\system32\DRIVERS\vtmini.sys 135168 bytes (Copyright © VIA/S3 Graphics, Inc., VIA/S3G Miniport Driver)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF741F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF747D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB58C1000 C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys 118784 bytes (Conexant, FSKsNT driver)
0xBA7E6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF743F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB8E0B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7880000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xBA2C6000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB91B6000 C:\WINDOWS\system32\drivers\SBREdrv.sys 94208 bytes (Sunbelt Software, Anti-Rootkit Engine)
0xB653A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBA37D000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xBA6A1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB9133000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF740D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xBA28D000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA36D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76F7000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76D7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB666A000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF74F7000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7657000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB55D1000 C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys 53248 bytes (Conexant, TonesNT driver)
0xF7587000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7577000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7557000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 45056 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xBA73E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76A7000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7567000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7617000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF7667000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF7697000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7517000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7537000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB4D38000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA75E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7547000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA74E000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7607000 sshrmd.sys 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xBA76E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF774F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7757000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7767000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF779F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7787000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF770F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF777F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF775F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF781F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF773F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7717000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7707000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77F7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA29E000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xBA7B2000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7933000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 bsstor.sys 12288 bytes (B.H.A Co.,Ltd., B.H.A Storage Helper Driver (WindowsNT5.x))
0xBA7AA000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA2BA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA2A2000 C:\WINDOWS\system32\DRIVERS\IPFilter.sys 12288 bytes (Microsoft Corporation, Microsoft IntelliPoint)
0xB5925000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA2AA000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF793F000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF791F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7913000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xBA6E2000 C:\WINDOWS\System32\Drivers\vulfntr.sys 12288 bytes (VIA Technologies, Inc., VIA USB Roothub Lower Filter Driver)
0xF79A9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79BD000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79A5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AD000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7995000 C:\WINDOWS\System32\DRIVERS\msikbd2k.sys 8192 bytes
0xF798F000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79B1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF799B000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF799F000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7993000 C:\WINDOWS\System32\Drivers\vulfnth.sys 8192 bytes (VIA Technologies, Inc., VIA USB Host Controller Lower Filter Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A80000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AB0000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A6A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB5C4C000 C:\WINDOWS\system32\SetupNT.sys 4096 bytes
0x8A275020 unknown_irp_handler 4064 bytes
0x8A270020 unknown_irp_handler 4064 bytes
0x8A273020 unknown_irp_handler 4064 bytes
0x8A2AE020 unknown_irp_handler 4064 bytes
0x8A11C288 unknown_irp_handler 3448 bytes
0x8A11C300 unknown_irp_handler 3328 bytes
0x8A241358 unknown_irp_handler 3240 bytes
0x8A110398 unknown_irp_handler 3176 bytes
0x8A2413D0 unknown_irp_handler 3120 bytes
0x8A110410 unknown_irp_handler 3056 bytes
0x8A110488 unknown_irp_handler 2936 bytes
0x8A2659A0 unknown_irp_handler 1632 bytes
0x8A265A18 unknown_irp_handler 1512 bytes
0x8A10EDA0 unknown_irp_handler 608 bytes
0x8A10EE18 unknown_irp_handler 488 bytes
0x8A10EE90 unknown_irp_handler 368 bytes
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [HSF_AMOS.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [Tmfilter.sys]
WARNING: Virus alike driver modification [fetnd5.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [bsudf.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [mbamswissarmy.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [fetnd5b.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [HSF_SOAR.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [irbus.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [viaide.sys]
WARNING: Virus alike driver modification [HSF_MSFT.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [HSF_SAMP.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [HSF_BSC2.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [HSF_SPKP.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [bsstor.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please proceed with the following now:

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

#9
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I won't be able to do this until Sunday, just to let you know. I'll be sure to do this then, thanks! (I work late and have a busy weekend)
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Have a nice working weekend. :)
  • 0


#11
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Back from out of town!

I attempted to run Combofix but it told me that Norton is active. I have not used Norton in years, and I checked to make sure it was uninstalled.

If I run Combofix, will there be any damage to my computer? The last time I ran Combofix, this also happened but my computer was fine.
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
From your logs I can't see Norton is installed. Please, just ignore that and run it.
  • 0

#13
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here's the combofix log:

ComboFix 11-09-11.06 - Jeremiah Schumacher 09/11/2011 19:45:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.663 [GMT -5:00]
Running from: c:\documents and settings\Jeremiah Schumacher\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\GoogleServiceService.dll
c:\documents and settings\All Users\invokesi.exe
c:\documents and settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}
c:\documents and settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\chrome.manifest
c:\documents and settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\chrome\xulcache.jar
c:\documents and settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\defaults\preferences\xulcache.js
c:\documents and settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\install.rdf
c:\documents and settings\Jeremiah Schumacher\Application Data\Ohmay
c:\documents and settings\Jeremiah Schumacher\Application Data\Ohmay\boyci.huo
c:\documents and settings\Jeremiah Schumacher\Application Data\Start
c:\documents and settings\Jeremiah Schumacher\Application Data\Start\temp_BB40E0B5\flash.10.0.32.18.ocx
c:\documents and settings\Jeremiah Schumacher\Application Data\Start\temp_CCDE3245\flash.10.0.32.18.ocx
c:\documents and settings\Jeremiah Schumacher\wihxmhkgib.tmp
c:\documents and settings\Jeremiah Schumacher\WINDOWS
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\xpin221h.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\xpin221h.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\xpin221h.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\xpin221h.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\xpin221h.default\extensions\{5e889276-e2a3-4821-8400-34132f0cb12a}\install.rdf
c:\program files\Internet Explorer\SET10B.tmp
c:\program files\Internet Explorer\SET110.tmp
c:\program files\Internet Explorer\SET136.tmp
c:\program files\Internet Explorer\SET13B.tmp
c:\program files\Internet Explorer\SET1AB.tmp
c:\program files\Internet Explorer\SET1B0.tmp
c:\program files\messenger\msmsgsin.exe
c:\windows\system32\service
c:\windows\system32\service\01082010_TIS17_SfFniAU.log
c:\windows\system32\service\04042010_TIS17_SfFniAU.log
c:\windows\system32\service\04052010_TIS17_SfFniAU.log
c:\windows\system32\service\04122010_TIS17_SfFniAU.log
c:\windows\system32\service\05052010_TIS17_SfFniAU.log
c:\windows\system32\service\05112010_TIS17_SfFniAU.log
c:\windows\system32\service\06012011_TIS17_SfFniAU.log
c:\windows\system32\service\06112010_TIS17_SfFniAU.log
c:\windows\system32\service\08012011_TIS17_SfFniAU.log
c:\windows\system32\service\09012011_TIS17_SfFniAU.log
c:\windows\system32\service\09122010_TIS17_SfFniAU.log
c:\windows\system32\service\10072010_TIS17_SfFniAU.log
c:\windows\system32\service\10082010_TIS17_SfFniAU.log
c:\windows\system32\service\11012010_TIS17_SfFniAU.log
c:\windows\system32\service\11082010_TIS17_SfFniAU.log
c:\windows\system32\service\11112010_TIS17_SfFniAU.log
c:\windows\system32\service\12022011_TIS17_SfFniAU.log
c:\windows\system32\service\12062010_TIS17_SfFniAU.log
c:\windows\system32\service\12092010_TIS17_SfFniAU.log
c:\windows\system32\service\12102010_TIS17_SfFniAU.log
c:\windows\system32\service\12122010_TIS17_SfFniAU.log
c:\windows\system32\service\13062010_TIS17_SfFniAU.log
c:\windows\system32\service\13112010_TIS17_SfFniAU.log
c:\windows\system32\service\14052010_TIS17_SfFniAU.log
c:\windows\system32\service\14082010_TIS17_SfFniAU.log
c:\windows\system32\service\14112010_TIS17_SfFniAU.log
c:\windows\system32\service\15012011_TIS17_SfFniAU.log
c:\windows\system32\service\15062010_TIS17_SfFniAU.log
c:\windows\system32\service\16012011_TIS17_SfFniAU.log
c:\windows\system32\service\16062010_TIS17_SfFniAU.log
c:\windows\system32\service\16082009_TIS17_SfFniAU.log
c:\windows\system32\service\17082009_TIS17_SfFniAU.log
c:\windows\system32\service\17082010_TIS17_SfFniAU.log
c:\windows\system32\service\17102010_TIS17_SfFniAU.log
c:\windows\system32\service\18022011_TIS17_SfFniAU.log
c:\windows\system32\service\18042010_TIS17_SfFniAU.log
c:\windows\system32\service\18122010_TIS17_SfFniAU.log
c:\windows\system32\service\19022010_TIS17_SfFniAU.log
c:\windows\system32\service\19022011_TIS17_SfFniAU.log
c:\windows\system32\service\19062010_TIS17_SfFniAU.log
c:\windows\system32\service\19082009_TIS17_SfFniAU.log
c:\windows\system32\service\19092010_TIS17_SfFniAU.log
c:\windows\system32\service\19122010_TIS17_SfFniAU.log
c:\windows\system32\service\20022011_TIS17_SfFniAU.log
c:\windows\system32\service\20062010_TIS17_SfFniAU.log
c:\windows\system32\service\20072010_TIS17_SfFniAU.log
c:\windows\system32\service\20082009_TIS17_SfFniAU.log
c:\windows\system32\service\20102010_TIS17_SfFniAU.log
c:\windows\system32\service\20122010_TIS17_SfFniAU.log
c:\windows\system32\service\21022010_TIS17_SfFniAU.log
c:\windows\system32\service\21022011_TIS17_SfFniAU.log
c:\windows\system32\service\21092010_TIS17_SfFniAU.log
c:\windows\system32\service\21102009_TIS17_SfFniAU.log
c:\windows\system32\service\22042010_TIS17_SfFniAU.log
c:\windows\system32\service\22062010_TIS17_SfFniAU.log
c:\windows\system32\service\22082009_TIS17_SfFniAU.log
c:\windows\system32\service\22082010_TIS17_SfFniAU.log
c:\windows\system32\service\22102009_TIS17_SfFniAU.log
c:\windows\system32\service\23012011_TIS17_SfFniAU.log
c:\windows\system32\service\23022011_TIS17_SfFniAU.log
c:\windows\system32\service\23042010_TIS17_SfFniAU.log
c:\windows\system32\service\23062010_TIS17_SfFniAU.log
c:\windows\system32\service\23072009_TIS17_SfFniAU.log
c:\windows\system32\service\23082009_TIS17_SfFniAU.log
c:\windows\system32\service\23122010_TIS17_SfFniAU.log
c:\windows\system32\service\24022011_TIS17_SfFniAU.log
c:\windows\system32\service\24102010_TIS17_SfFniAU.log
c:\windows\system32\service\25022010_TIS17_SfFniAU.log
c:\windows\system32\service\25062010_TIS17_SfFniAU.log
c:\windows\system32\service\25092009_TIS17_SfFniAU.log
c:\windows\system32\service\26062010_TIS17_SfFniAU.log
c:\windows\system32\service\26082010_TIS17_SfFniAU.log
c:\windows\system32\service\26102009_TIS17_SfFniAU.log
c:\windows\system32\service\26102010_TIS17_SfFniAU.log
c:\windows\system32\service\27102009_TIS17_SfFniAU.log
c:\windows\system32\service\27102010_TIS17_SfFniAU.log
c:\windows\system32\service\28042010_TIS17_SfFniAU.log
c:\windows\system32\service\28072010_TIS17_SfFniAU.log
c:\windows\system32\service\28102010_TIS17_SfFniAU.log
c:\windows\system32\service\28122010_TIS17_SfFniAU.log
c:\windows\system32\service\29012010_TIS17_SfFniAU.log
c:\windows\system32\service\30042010_TIS17_SfFniAU.log
c:\windows\system32\service\30062010_TIS17_SfFniAU.log
c:\windows\system32\service\30112010_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRV14C
-------\Service_srv14C
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-05 20:34 . 2011-09-05 20:34 239616 ----a-w- c:\windows\system32\wscui32.dll
2011-09-05 17:25 . 2011-09-05 17:25 -------- d-----w- c:\documents and settings\Jeremiah Schumacher\My Vaults
2011-09-05 17:23 . 2011-09-09 04:51 -------- d-----w- c:\documents and settings\Jeremiah Schumacher\Application Data\SanDisk
2011-09-05 17:13 . 2011-09-05 17:13 -------- d-----w- c:\documents and settings\Jeremiah Schumacher\Local Settings\Application Data\Proxure
2011-09-05 17:12 . 2011-09-05 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ClubSanDisk
2011-09-05 17:10 . 2011-09-05 17:10 -------- d-----w- c:\program files\MSBuild
2011-09-05 17:10 . 2011-09-05 17:10 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-05 17:10 . 2011-09-05 17:10 -------- d-----w- c:\program files\Reference Assemblies
2011-09-05 17:09 . 2011-09-05 17:11 -------- d-----w- C:\8fd39794d05c79cb3a6ac5d5bd159e59
2011-09-05 17:09 . 2007-03-23 01:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-05 17:08 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-09-03 03:40 . 2011-09-03 03:40 -------- d-----w- c:\documents and settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport
2011-08-20 04:00 . 2011-08-20 04:00 -------- d-s---w- c:\documents and settings\LocalService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021E961F-C02A-4D57-832D-9264684EC5Ad}]
2011-09-05 20:34 239616 ----a-w- c:\windows\system32\wscui32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmiWeb64"="c:\documents and settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport\wmiWeb64.dll" [2011-09-03 131072]
"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2010-11-10 31095432]
"AdobeUpdate"="c:\documents and settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe" [2011-09-05 56832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-19 185896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-20 6515800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdate"="c:\documents and settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe" [2011-09-05 56832]
.
c:\documents and settings\Jeremiah Schumacher\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2011-3-24 142336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-02-18 19:49 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2002-06-06 17:06 1032192 -c----w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
2003-09-30 11:09 425984 -c--a-w- c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 14:50 155648 -c----w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 16:43 2097488 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-11 04:15 111816 ----a-w- c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-01-15 12:33 49152 -c--a-r- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Jeremiah Schumacher\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Mozilla Firefox\\magicg\\Magic\\Manalink.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1885:TCP"= 1885:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2/13/2005 3:11 PM 9344]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29832]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [5/9/2005 8:24 PM 6656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2/27/2011 8:32 PM 98392]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/31/2003 7:00 AM 14336]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [9/22/2008 10:49 PM 138616]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/29/2008 8:25 PM 30152]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [10/20/2010 4:58 PM 1201656]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [5/9/2005 8:24 PM 28672]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2/13/2005 3:11 PM 337536]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core.job
- c:\documents and settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 17:26]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003UA.job
- c:\documents and settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 17:26]
.
2011-09-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2011-09-12 c:\windows\Tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-10-20 14:33]
.
2011-09-12 c:\windows\Tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-10-20 14:33]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?533c77d03784464dbbf2f8bf43b30aa
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?533c77d03784464dbbf2f8bf43b30aa
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
FF - ProfilePath - c:\documents and settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pbs.org/
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: RedShift V3.6: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: SporTV Community Toolbar: {a298ed31-d405-40e2-880f-b7511948e582} - %profile%\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-GoogleServiceService - c:\documents and settings\All Users\Application Data\GoogleServiceService.dll
SafeBoot-klmdb.sys
SafeBoot-svcWRSSSDK
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-POINTER - point32.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_01\bin\jusched.exe
AddRemove-Global Trading System - c:\progra~1\fxsgts\UNWISE.EXE
AddRemove-Viewpoint Manager - c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-11 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-09-11 20:13:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-12 01:13
.
Pre-Run: 49,864,675,328 bytes free
Post-Run: 49,946,472,448 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - DEF541B9FA3C633DBC870807AFD057FF


Computer's behavior: Before ComboFix, for some reason Firefox kept crashing when I tried to do a Google search. Also, it kept doing Google redirects.

The computer is also running slightly faster than before. It took a while to get started after the reboot.
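As an added example (my own code, not part of this thread, of ComboFix, or of the helper's instructions), here is a small Python script that applies three of the checks a log reviewer makes by eye to the Reg Loading Points section above: Run-key targets that live under a user profile or Application Data directory (writable without admin rights, so a common drop site; compare the wmiWeb64 and AdobeUpdate entries against the Program Files entries), a Browser Helper Object DLL written shortly before the scan (wscui32.dll), and Security Center override and firewall values that turn protection or its alerting off. The sample input is a handful of lines copied from the log above; the 30-day threshold, the value table and the reason strings are the example's own assumptions.

```python
"""Flag suspicious 'Reg Loading Points' entries in a ComboFix-style log.

Added example; not ComboFix's own code and not from the thread. The three
checks, the 30-day window and the OFF_VALUES table are assumptions made
for this illustration. SAMPLE_LOG is copied from the posted log.
"""
import re
from dataclasses import dataclass
from datetime import date

# ...\Documents and Settings\<user>\Application Data\ (or Local Settings\Application Data\, or Users\<user>\AppData\)
PROFILE_DIR_RE = re.compile(
    r"\\(?:documents and settings|users)\\[^\\]+\\"
    r"(?:application data|local settings\\application data|appdata)\\",
    re.IGNORECASE,
)
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="target" [YYYY-MM-DD size]
RUN_LINE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+\d+\]'
)
# YYYY-MM-DD HH:MM size attrs path   (file line printed under a BHO key)
FILE_LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)
# "name"= 0 (0x0)   or   "name"=dword:00000001
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9a-f]+)', re.IGNORECASE)

# value name -> the setting that means protection (or its alerting) is switched off
OFF_VALUES = {
    "antivirusoverride": 1,
    "firewalloverride": 1,
    "disablemonitoring": 1,
    "enablefirewall": 0,
    "disablenotifications": 1,
}


@dataclass
class Finding:
    section: str
    item: str
    reason: str


def triage(log_text, scan_date, recent_days=30):
    """Return a Finding for every suspicious line in log_text.

    scan_date is the date the log was produced (date or 'YYYY-MM-DD').
    """
    if isinstance(scan_date, str):
        scan_date = date.fromisoformat(scan_date)
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key")
            continue
        key = section.lower()
        if key.endswith(("\\run", "\\runonce")):
            m = RUN_LINE_RE.match(line)
            if m and PROFILE_DIR_RE.search(m.group("path")):
                findings.append(Finding(section, m.group("name"),
                                        "autostart target lives in a user-profile directory"))
        elif "browser helper objects" in key:
            m = FILE_LINE_RE.match(line)
            if m:
                age = (scan_date - date.fromisoformat(m.group("date"))).days
                if age <= recent_days:  # also catches future-dated files
                    findings.append(Finding(section, m.group("path"),
                                            f"BHO DLL written {age} days before the scan"))
        elif "security center" in key or "firewallpolicy" in key:
            m = VALUE_RE.match(line)
            if m:
                name, val = m.group("name"), int(m.group("val"), 16)
                if OFF_VALUES.get(name.lower()) == val:
                    findings.append(Finding(section, name,
                                            f"{name}={val}: protection or its alerting is switched off"))
    return findings


# Lines copied from the log posted above (constructed sample for this example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021E961F-C02A-4D57-832D-9264684EC5Ad}]
2011-09-05 20:34 239616 ----a-w- c:\windows\system32\wscui32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmiWeb64"="c:\documents and settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport\wmiWeb64.dll" [2011-09-03 131072]
"AdobeUpdate"="c:\documents and settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe" [2011-09-05 56832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-20 6515800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, "2011-09-11"):
        print(f"[{f.section}]\n    {f.item}: {f.reason}")
```

Run against the sample with the scan date from the log (2011-09-11) it reports the two profile-directory Run entries, the six-day-old BHO DLL, both Security Center overrides and both firewall values, and stays quiet about the Program Files entries. A Run entry in a profile directory is not proof of malware on its own (legitimate per-user updaters live there too), so the output is a worklist for the reviewer, not a verdict.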

#14
PrincessLeia (Member, Topic Starter, 43 posts)
The computer's sound is no longer working. I checked and it says that there is no hardware installed?? The sound was working fine and I have NO idea where any sound software would be to reinstall, and the plugs for the speakers are in.

Also, I attempted to play a CD and it will not work!! I also attempted to play a DVD and the DVD player won't open! What the heck happened to my computer!?

Edited by PrincessLeia, 11 September 2011 - 09:49 PM.


#15
Render (Trusted Helper, Malware Removal, 4,195 posts)
We will look into that. Please follow the steps below:

Step 1

  • Please download Speccy from here, install it and run it.
  • Wait a few minutes, then click the File menu, then Save as Text file..., and save the report to your desktop.
  • Open that txt file in Notepad, find the Operating System section and delete this line: Serial Number: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
  • Save it by clicking on File and then on Save.
  • Please attach that report in your next reply.

How to add an attachment to a new topic or reply

Step 2

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • Attached SPECCY log
  • OTL scan log
