View Full Version : Some Yoog malware on my Firefox and IE search engine
My Google search engine is replaced by some Yoog search engine,i have deleted many times and it's still on. I would like some help, thx
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:37:39 p.m., on 10/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DataStudio\PASPortal.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PASPortal.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servicio de actualización de Google (gupdate1c9955416be3348) (gupdate1c9955416be3348) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11925 bytes
Hello and Welcome to Safer Networking,
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"
If you follow these instructions, everything should go smoothly.
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - download and run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
3 - Status Check
Please reply with
1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC
Thanks peku006
MBAM log
Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 3
14/03/2009 12:23:56 a.m.
mbam-log-2009-03-14 (00-23-56).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 159035
Time elapsed: 1 hour(s), 44 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9d77f30a-2da9-ee35-1977-b78c429635fa} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\623b6372-e205-b8cd-79ab-356d5ae485e6 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ovulyzfunjcs (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0e69838f-416a-91f3-478d-558bebe8347d} (Adware.MySideSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\akhivgdjksczdth.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\623b6372-e205-b8cd-79ab-356d5ae485e6.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovulyzfunjcs.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irpecufxanhh.dll-uninst.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\igfxtray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\EXPLORER.EX_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\EXPLORER.SC_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\i386\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
***********************************************************
info.txt
info.txt logfile of random's system information tool 1.05 2009-03-14 00:27:40
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Canvas 11-->MsiExec.exe /I{1A103C8B-3DFA-4F05-BE9B-97B7ECC12925}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DataStudio-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4AB1A2A-72A8-4801-B238-0CB789C992FE} /l1033
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Graphical Analysis 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFE637-E44E-4648-9183-D77E9F48F9F1}\SETUP.EXE" -l0x9
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Lizardtech Express View Browser Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE983D56-28C6-4E5D-A146-8A8339B9CC1F}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mineralogy Tutorials 2.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Wiley\Mineralogy Tutorials 2.1\DeIsL1.isu" -c"C:\Program Files\Wiley\Mineralogy Tutorials 2.1\_ISREG32.DLL"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MrSID GeoViewer-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Lizardtech\MrSID GeoViewer\DeIsL1.isu" -c"C:\Program Files\Lizardtech\MrSID GeoViewer\_ISREG32.DLL"
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.5.0.134\InstStub.exe /X
OpenOffice.org Installer 1.0-->MsiExec.exe /X{CE38B24E-4146-4DAC-AD4E-4EC8BF24C261}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 SET_LIM_RADIO - ALL
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung Samples Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0-->C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DpInst.exe /u PSSENSOR_ab977ca22ef595e0c55853eb3fbfffd950acc82c
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Your Uninstaller! 2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"
Hosts File Missing
======Security center information======
AV: Norton Internet Security
FW: Norton Internet Security
System event log
Computer Name: COMPUTADOR
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was connected to the network,
and has initiated normal operation over the network adapter.
Record Number: 100184
Source Name: Tcpip
Time Written: 20090302205052.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.
Record Number: 100183
Source Name: Tcpip
Time Written: 20090302204442.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{06953035-5532-47F7-986A-E86B4913951E} because a master browser was stopped.
Record Number: 100182
Source Name: BROWSER
Time Written: 20090302204435.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was connected to the network,
and has initiated normal operation over the network adapter.
Record Number: 100181
Source Name: Tcpip
Time Written: 20090302203337.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.
Record Number: 100180
Source Name: Tcpip
Time Written: 20090302203242.000000-240
Event Type: information
User:
Application event log
Computer Name: COMPUTADOR
Event Code: 103
Message: MsnMsgr (2632) \\.\C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\anticool75@hotmail.com\SharingMetadata\Working\database_3470_5C4B_705C_15C8\dfsr.db: The database engine stopped the instance (0).
Record Number: 20366
Source Name: ESENT
Time Written: 20081112220244.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 102
Message: MsnMsgr (2632) \\.\C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\anticool75@hotmail.com\SharingMetadata\Working\database_3470_5C4B_705C_15C8\dfsr.db: The database engine started a new instance (0).
Record Number: 20365
Source Name: ESENT
Time Written: 20081112210756.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 100
Message: MsnMsgr (2632) The database engine 5.01.2600.5512 started.
Record Number: 20364
Source Name: ESENT
Time Written: 20081112210756.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 101
Message: MsnMsgr (2632) The database engine stopped.
Record Number: 20363
Source Name: ESENT
Time Written: 20081112210653.000000-240
Event Type: information
User:
Computer Name: COMPUTADOR
Event Code: 103
Message: MsnMsgr (2632) \\.\C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\anticool75@hotmail.com\SharingMetadata\Working\database_3470_5C4B_705C_15C8\dfsr.db: The database engine stopped the instance (0).
Record Number: 20362
Source Name: ESENT
Time Written: 20081112210653.000000-240
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\ACD Systems\EN;C:\Program Files\Common Files\ACD Systems
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"PROJSO"=C:\Program Files\Common Files\LizardTech Shared\GDAL_LIB\proj.dll
"PROJ_LIB"=C:\Program Files\Common Files\LizardTech Shared\GDAL_ETC
"GDAL_DATA"=C:\Program Files\Common Files\LizardTech Shared\GDAL_ETC
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by Omar at 2009-03-14 00:27:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (25%) free of 72 GB
Total RAM: 1015 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:36 a.m., on 14/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Omar\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Omar.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PASPortal.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servicio de actualización de Google (gupdate1c9955416be3348) (gupdate1c9955416be3348) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11923 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [2009-02-27 372592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL [2009-02-27 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-18 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-18 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-18 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [2009-02-27 372592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-18 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-09-10 393216]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2006-05-03 98304]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-08 176128]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2005-07-08 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2005-07-08 491520]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-13 68856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
PASPortal.lnk - C:\WINDOWS\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe"="C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe"="C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe"="C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}]
shell\AutoRun\command - H:\jfvkcsy.bat
shell\explore\command - H:\jfvkcsy.bat
shell\open\command - H:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{265c1748-a16b-11dd-a206-0014229e8b54}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}]
shell\verb1\command - desktop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}]
shell\AutoRun\command - F:\oq.cmd
shell\explore\command - F:\oq.cmd
shell\open\command - F:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - G:\system.exe
shell\Open\command - G:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}]
shell\AutoRun\command - F:\xlu8a8sy.exe
shell\explore\command - F:\xlu8a8sy.exe
shell\open\command - F:\xlu8a8sy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}]
shell\AutoRun\command - F:\oq.cmd
shell\explore\command - F:\oq.cmd
shell\open\command - F:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}]
shell\AutoRun\command - F:\jfvkcsy.bat
shell\explore\command - F:\jfvkcsy.bat
shell\open\command - F:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204176-eed7-11dc-a123-0014229e8b54}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204177-eed7-11dc-a123-0014229e8b54}]
shell\AutoRun\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}]
shell\AutoRun\command - F:\ntde1ect.com
shell\explore\command - F:\ntde1ect.com
shell\open\command - F:\ntde1ect.com
======File associations======
.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
======List of files/folders created in the last 1 months======
2009-03-14 00:27:12 ----D---- C:\rsit
2009-03-13 21:55:02 ----D---- C:\Documents and Settings\Omar\Application Data\Malwarebytes
2009-03-13 21:54:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-13 21:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-11 09:45:11 ----D---- C:\Documents and Settings\Omar\Application Data\URSoft
2009-03-11 09:44:59 ----D---- C:\Program Files\Your Uninstaller 2008
2009-03-11 01:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 01:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 01:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 00:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 23:19:27 ----RD---- C:\Program Files\Norton Support
2009-03-09 18:48:43 ----D---- C:\_OTScanIt
2009-03-07 13:28:50 ----D---- C:\Program Files\Common Files\Common Share
2009-03-04 21:14:20 ----D---- C:\Documents and Settings\Omar\Application Data\DivX
2009-03-04 19:40:08 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-03-04 09:16:58 ----A---- C:\WINDOWS\system32\irpecufxanhh.dll
2009-03-02 09:51:47 ----D---- C:\Program Files\Bonjour
2009-02-27 09:25:58 ----A---- C:\WINDOWS\system32\nsk9E.dll
2009-02-25 01:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 22:01:49 ----D---- C:\Documents and Settings\Omar\Application Data\ACD Systems
2009-02-24 22:01:07 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-02-24 21:59:03 ----D---- C:\Program Files\Common Files\ACD Systems
2009-02-24 21:59:03 ----D---- C:\Program Files\ACD Systems
2009-02-22 21:09:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
======List of files/folders modified in the last 1 months======
2009-03-14 00:27:14 ----D---- C:\WINDOWS\Temp
2009-03-14 00:26:25 ----D---- C:\WINDOWS\Prefetch
2009-03-14 00:23:55 ----D---- C:\WINDOWS\system32
2009-03-14 00:21:02 ----D---- C:\Program Files\Mozilla Firefox
2009-03-13 22:42:00 ----SD---- C:\WINDOWS\Tasks
2009-03-13 22:05:20 ----D---- C:\WINDOWS
2009-03-13 22:04:31 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-03-13 22:02:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-13 22:02:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-13 21:54:59 ----D---- C:\WINDOWS\system32\drivers
2009-03-13 21:54:52 ----RD---- C:\Program Files
2009-03-13 21:51:05 ----HD---- C:\WINDOWS\inf
2009-03-12 08:49:16 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-11 18:57:14 ----D---- C:\Program Files\World of Warcraft
2009-03-11 09:51:07 ----SHD---- C:\WINDOWS\Installer
2009-03-11 09:50:04 ----D---- C:\WINDOWS\repair
2009-03-11 09:50:04 ----D---- C:\Program Files\IrfanView
2009-03-11 09:48:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-11 01:01:04 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-11 01:00:50 ----D---- C:\WINDOWS\WinSxS
2009-03-10 23:22:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-10 19:34:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 18:28:22 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-07 16:20:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 16:14:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-07 13:28:50 ----D---- C:\Program Files\Common Files
2009-03-04 19:41:09 ----D---- C:\Program Files\DivX
2009-03-03 14:56:18 ----D---- C:\Program Files\Symantec
2009-03-03 14:56:16 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-02-27 12:51:12 ----D---- C:\Documents and Settings\Omar\Application Data\U3
2009-02-24 16:23:41 ----D---- C:\Program Files\iPod
2009-02-22 21:14:13 ----D---- C:\Program Files\Google
2009-02-22 18:41:47 ----D---- C:\Documents and Settings
2009-02-22 18:40:30 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-18 10:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\BHDrvx86.sys [2009-02-27 258608]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1005000.086\ccHPx86.sys [2009-03-03 482352]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SRTSP.SYS [2009-02-27 307760]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\NIS\1005000.086\SRTSPX.SYS []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMTDI.SYS [2009-02-27 217392]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-11 17056]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090313.032\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090313.032\NAVEX15.SYS []
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-10 1032472]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMFW.SYS [2009-02-27 89776]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMIDS.SYS [2009-02-27 34736]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMNDIS.SYS [2009-02-27 37296]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2003-05-21 253672]
S3 ac5190jt;ac5190jt; C:\WINDOWS\system32\drivers\ac5190jt.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-08 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-08 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nuvaudio;NUVision Audio Service; C:\WINDOWS\system32\DRIVERS\nuvaudio.sys [2001-03-30 20704]
S3 NUVision;ATI TV Wonder, USB Edition (NTSC+); C:\WINDOWS\system32\DRIVERS\NUVision.sys [2001-03-30 145184]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Servicio Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R3 iPod Service;Servicio del iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c9955416be3348;Servicio de actualización de Google (gupdate1c9955416be3348); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------
Yoog search engine that replaces my search engine in Firefox and IE.Also I'm having trouble with the windows update system since every time i turn on my computer it tells me that "new updates are available for my computer".I installed them like two times and every time i turn off my computer it ask me if i want to install new updates.
thx for help.
Hi rocks21
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply
Thanks peku006
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Management Programs
Canvas 11
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
DataStudio
Dell CinePlayer
Dell Driver Reset Tool
DellSupport
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
ESET Online Scanner
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphical Analysis 3.2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Software Update
HP Update
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
IrfanView (remove only)
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Kaspersky Online Scanner
Lizardtech Express View Browser Plug-in
Malwarebytes' Anti-Malware
MathPlayer
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
Mineralogy Tutorials 2.1
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.7)
mPfMgr
mPfWiz
mProSafe
MrSID GeoViewer
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
NetWaiting
Norton Internet Security
OpenOffice.org Installer 1.0
overland
Photosmart 140,240,7200,7600,7700,7900 Series
QuickSet
QuickTime
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
Starcraft
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
WebCyberCoach 3.2 Dell
Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
World of Warcraft
Yahoo! Install Manager
Your Uninstaller! 2008 Version 6.2
Hi rocks21
Please download OTScanIt2 from Geeks to Go (http://oldtimer.geekstogo.com/OTScanIt2.exe) or Bleeping Computer (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe). Save it to your desktop.
Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
Under Rookit Search, select Yes.
Click on Run Scan at the top left hand corner.
When done, Notepad will open. Please post this log in your next reply.
Thanks peku006
[code]
OTScanIt2 logfile created on: 14/03/2009 01:40:51 p.m. - Run 3
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Omar\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000500A | Country: Puerto Rico | Language: ESU | Date Format: dd/MM/yyyy
1015.37 Mb Total Physical Memory | 459.94 Mb Available Physical Memory | 45.30% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.08 Gb Total Space | 17.16 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMPUTADOR
Current User Name: Omar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> [2004/09/07 18:03:40 | 00,245,760 | ---- | M] (Intel)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
ccsvchst.exe -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe -> [2009/02/27 07:20:17 | 00,115,560 | R--- | M] (Symantec Corporation)
ccsvchst.exe -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe -> [2009/02/27 07:20:17 | 00,115,560 | R--- | M] (Symantec Corporation)
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> [2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.)
dlactrlw.exe -> %SystemRoot%\System32\DLA\DLACTRLW.EXE -> [2005/09/08 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software)
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2006/05/03 03:12:00 | 00,098,304 | ---- | M] ()
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 18:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/03/05 09:56:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/22 21:14:08 | 00,133,104 | ---- | M] (Google Inc.)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/10/14 22:46:34 | 00,077,824 | ---- | M] (Intel Corporation)
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> [2005/07/08 00:55:02 | 00,491,520 | ---- | M] (Hewlett-Packard)
hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> [2005/07/08 00:55:00 | 00,176,128 | ---- | M] (HP)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\ifrmewrk.exe -> [2004/10/30 16:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/10/14 22:50:30 | 00,114,688 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/10/14 22:46:24 | 00,159,744 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/14 11:39:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/14 11:39:05 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msnmsgr.exe -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
nicconfigsvc.exe -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> [2005/06/09 10:53:18 | 00,356,352 | ---- | M] (Dell Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2005/09/01 19:24:08 | 00,684,032 | ---- | M] ()
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 18:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 18:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2005/09/10 01:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.)
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2005/11/29 06:56:30 | 00,761,947 | ---- | M] (Synaptics, Inc.)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKeeper.exe -> [2004/09/07 18:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZcfgSvc.exe -> [2004/09/07 18:08:02 | 00,389,120 | ---- | M] (Intel Corporation)
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Servicio Bonjour [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 00,076,848 | ---- | M] ()
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 18:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
(gupdate1c9955416be3348) Servicio de actualización de Google (gupdate1c9955416be3348) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/22 21:14:08 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/22 21:09:04 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) Servicio del iPod [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/14 11:39:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> [2005/06/09 10:53:18 | 00,356,352 | ---- | M] (Dell Inc.)
(Norton Internet Security) Norton Internet Security [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe -> [2009/02/27 07:20:17 | 00,115,560 | R--- | M] (Symantec Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 18:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 18:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKeeper.exe -> [2004/09/07 18:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2006/03/11 04:48:29 | 00,017,056 | ---- | M] (Meetinghouse Data Communications)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/03 12:44:16 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2005/08/05 05:32:16 | 00,045,312 | R--- | M] (Broadcom Corporation)
(BHDrvx86) Symantec Heuristics Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\BHDrvx86.sys -> [2009/02/27 07:20:26 | 00,258,608 | ---- | M] (Symantec Corporation)
(ccHP) Symantec Hash Provider [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\ccHPx86.sys -> [2009/03/03 14:55:16 | 00,482,352 | ---- | M] (Symantec Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLABOIOM.SYS -> [2005/09/08 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLACDBHM.SYS -> [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLADResN.SYS -> [2005/09/08 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAIFS_M.SYS -> [2005/09/08 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAOPIOM.SYS -> [2005/09/08 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAPoolM.SYS -> [2005/09/08 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLARTL_N.SYS -> [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDFAM.SYS -> [2005/09/08 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDF_M.SYS -> [2005/09/08 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\System32\Drivers\DRVNDDM.SYS -> [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\dsunidrv.sys -> [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/02/25 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/02/25 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZid412.sys -> [2005/07/08 00:55:01 | 00,051,088 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZipr12.sys -> [2005/07/08 00:55:01 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZius12.sys -> [2005/07/08 00:55:01 | 00,021,744 | ---- | M] (HP)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWAZL.sys -> [2005/07/22 05:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DPV.sys -> [2005/07/22 05:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2005/10/14 23:15:18 | 01,302,812 | ---- | M] (Intel Corporation)
(IDSxpx86) IDSxpx86 [Kernel | System | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys -> [2009/02/06 02:04:44 | 00,276,344 | ---- | M] (Symantec Corporation)
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\iwca.sys -> [2004/08/12 10:44:04 | 00,234,496 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2004/03/17 05:04:14 | 00,013,059 | ---- | M] (Conexant)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090314.003\NAVENG.SYS -> [2009/02/19 05:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090314.003\NAVEX15.SYS -> [2009/02/19 05:00:00 | 00,876,144 | ---- | M] (Symantec Corporation)
(nuvaudio) NUVision Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nuvaudio.sys -> [2001/03/30 10:52:29 | 00,020,704 | R--- | M] (Nogatech Ltd.)
(NUVision) ATI TV Wonder, USB Edition (NTSC+) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\NUVision.sys -> [2001/03/30 10:52:29 | 00,145,184 | R--- | M] (Nogatech Ltd.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2008/11/06 12:37:28 | 00,043,528 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rimmptsk.sys -> [2005/07/14 12:58:14 | 00,028,544 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rimsptsk.sys -> [2005/07/12 13:00:30 | 00,051,328 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rixdptsk.sys -> [2005/07/14 11:28:38 | 00,307,968 | ---- | M] (REDC)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\s24trans.sys -> [2004/08/31 10:53:04 | 00,011,354 | ---- | M] (Intel Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2007/08/13 16:26:00 | 00,682,232 | ---- | M] ()
(SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SRTSP.SYS -> [2009/02/27 07:20:26 | 00,307,760 | ---- | M] (Symantec Corporation)
(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NIS\1005000.086\SRTSPX.SYS -> [2009/02/27 07:20:26 | 00,043,696 | ---- | M] (Symantec Corporation)
(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ss_bus.sys -> [2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI)
(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ss_mdfl.sys -> [2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI)
(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ss_mdm.sys -> [2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI)
(StarOpen) StarOpen [File_System | System | Running] -> %SystemRoot%\System32\drivers\StarOpen.sys -> [2006/07/24 16:05:00 | 00,005,632 | ---- | M] ()
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2005/09/10 01:15:32 | 01,032,472 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\NIS\1005000.086\SYMEFA.SYS -> [2009/02/27 07:20:26 | 00,310,320 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\Drivers\SYMEVENT.SYS -> [2009/03/03 14:56:16 | 00,124,464 | ---- | M] (Symantec Corporation)
(SYMFW) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMFW.SYS -> [2009/02/27 07:20:26 | 00,089,776 | ---- | M] (Symantec Corporation)
(SYMIDS) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMIDS.SYS -> [2009/02/27 07:20:26 | 00,034,736 | ---- | M] (Symantec Corporation)
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\SymIM.sys -> [2009/02/27 07:20:18 | 00,036,400 | R--- | M] (Symantec Corporation)
(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SymIM.sys -> [2009/02/27 07:20:18 | 00,036,400 | R--- | M] (Symantec Corporation)
(SYMNDIS) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMNDIS.SYS -> [2009/02/27 07:20:26 | 00,037,296 | ---- | M] (Symantec Corporation)
(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMTDI.SYS -> [2009/02/27 07:20:26 | 00,217,392 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> [2005/11/29 06:36:56 | 00,191,936 | ---- | M] (Synaptics, Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.)
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\w29n51.sys -> [2004/10/21 22:56:04 | 03,210,496 | ---- | M] (Intel® Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2005/07/22 05:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.)
(WinDriver6) WinDriver6 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\windrvr6.sys -> [2003/05/21 18:58:18 | 00,253,672 | ---- | M] (Jungo)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://news.google.com/news?ned=us ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\prefs.js ->
browser.search.defaultenginename -> "Yoog Search" ->
browser.search.defaulturl -> "http://www15.yoog.com/search.php?q=" ->
browser.search.selectedEngine -> "Yoog Search" ->
browser.startup.homepage -> "http://news.google.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.7" ->
extensions.enabledItems -> {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0 ->
extensions.enabledItems -> {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 ->
Hosts file not found -> ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\System32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 07:20:00 | 00,110,652 | ---- | M] (Sonic Solutions)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [Symantec NCO BHO] -> [2009/02/27 07:20:16 | 00,372,592 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL [Symantec Intrusion Prevention] -> [2009/02/27 07:20:16 | 00,107,896 | R--- | M] (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/14 11:39:06 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2006/07/07 12:29:52 | 00,324,416 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/18 10:50:14 | 00,657,904 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/02/18 10:49:28 | 00,522,224 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/14 11:39:05 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/14 11:39:06 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [Norton Toolbar] -> [2009/02/27 07:20:16 | 00,372,592 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [Norton Toolbar] -> [2009/02/27 07:20:16 | 00,372,592 | R--- | M] (Symantec Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2005/09/01 19:24:08 | 00,684,032 | ---- | M] ()
"DLA" -> %SystemRoot%\System32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2005/09/08 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions)
"DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2006/05/03 03:12:00 | 00,098,304 | ---- | M] ()
"HP Component Manager" -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
"HP Software Update" -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> [2005/07/08 00:55:00 | 00,176,128 | ---- | M] (HP)
"HPHmon05" -> %SystemRoot%\system32\hphmon05.exe [C:\WINDOWS\system32\hphmon05.exe] -> [2005/07/08 00:55:02 | 00,491,520 | ---- | M] (Hewlett-Packard)
"HPHUPD05" -> %ProgramFiles%\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe] -> [2005/07/08 00:55:02 | 00,049,152 | ---- | M] (Hewlett-Packard)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/10/14 22:46:34 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/10/14 22:50:30 | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/10/14 22:49:46 | 00,094,208 | ---- | M] (Intel Corporation)
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\ifrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> [2004/10/30 16:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/27 18:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"MSKDetectorExe" -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2005/09/10 01:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/14 11:39:05 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2005/11/29 06:56:30 | 00,761,947 | ---- | M] (Synaptics, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools" -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> [2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.)
"MsnMsgr" -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/09/13 08:10:20 | 00,068,856 | ---- | M] (Google Inc.)
"Uniblue RegistryBooster 2" -> [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\PASPortal.lnk -> %SystemRoot%\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe -> [2006/08/30 10:16:37 | 00,040,960 | R--- | M] (InstallShield Software Corp.)
< Omar Startup Folder > -> C:\Documents and Settings\Omar\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableStatusMessages" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [149] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000] -> [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5182 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5181 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [HKLM] -> http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab [CKAVWebScan Object] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab [Reg Error: Key error.] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} [HKLM] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab [OnlineScanner Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx [Get_ActiveX Control] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab [Java Plug-in 1.6.0_06] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{06953035-5532-47F7-986A-E86B4913951E} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{2A1A7821-11C0-4BFB-8F98-BEC833F73AA4} -> () ->
{92DE04DF-CC2D-42C7-B434-CBB8CF37905A} -> (1394 Net Adapter) ->
{B52EBE49-ACB8-4A03-9E34-BAC42D93E9BA} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/10/14 22:45:38 | 00,135,168 | ---- | M] (Intel Corporation)
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> [2004/09/07 18:08:06 | 00,110,592 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe" -> C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe [C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/05/10 20:32:33 | 00,752,673 | ---- | M] (Blizzard Entertainment)
"C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe" -> C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe [C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found
"C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe" -> C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe [C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/03/05 09:56:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> File not found
"C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/06/06 23:37:44 | 00,779,015 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/06/20 22:17:30 | 00,754,664 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/07/11 11:21:00 | 00,742,899 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:18:54 | 00,771,411 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:05:21 | 00,771,373 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:12:39 | 00,771,353 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:15:59 | 00,771,362 | ---- | M] (Blizzard Entertainment)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 15:04:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\AutoRun\command
\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\AutoRun\command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat] -> File not found
\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\explore\Command
\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\explore\Command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat] -> File not found
\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\open\Command
\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\open\Command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat] -> File not found
\{265c1748-a16b-11dd-a206-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\AutoRun\command
\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe] -> File not found
\{265c1748-a16b-11dd-a206-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\open\command
\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\open\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe] -> File not found
\{2d3d59fa-234f-11dc-a033-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}\shell\verb1\command
\{2d3d59fa-234f-11dc-a033-0014229e8b54}\shell\verb1\command\\"" -> [desktop.exe] -> File not found
\{3f4aba54-1946-11dd-a151-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\AutoRun\command
\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
\{3f4aba54-1946-11dd-a151-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\explore\Command
\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\explore\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
\{3f4aba54-1946-11dd-a151-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\open\Command
\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\open\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
\{6507c5c1-f2c6-11dd-a284-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\AutoRun
\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
\{6507c5c1-f2c6-11dd-a284-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Explore\command
\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Explore\command\\"" -> G:\system.exe [G:\system.exe] -> File not found
\{6507c5c1-f2c6-11dd-a284-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Open\command
\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Open\command\\"" -> G:\system.exe [G:\system.exe] -> File not found
\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\AutoRun\command
\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\open\command
\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\open\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
\{b1a2ef11-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command
\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe] -> File not found
\{b1a2ef11-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command
\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe] -> File not found
\{b1a2ef11-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\open\Command
\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe] -> File not found
\{b1a2ef13-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command
\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
\{b1a2ef13-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command
\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
\{b1a2ef13-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\open\Command
\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command
\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat] -> File not found
\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command
\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat] -> File not found
\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\open\Command
\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat] -> File not found
\{d5204176-eed7-11dc-a123-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell
\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun
\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command
\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{d5204177-eed7-11dc-a123-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command
\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command\\"" -> H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe [H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
\{d5204177-eed7-11dc-a123-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\open\command
\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\open\command\\"" -> H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe [H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
\{e939ef02-ae88-11dd-a21c-00166f4c9160}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\AutoRun\command
\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\AutoRun\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
\{e939ef02-ae88-11dd-a21c-00166f4c9160}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\open\command
\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\open\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\AutoRun\command
\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com] -> File not found
\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\explore\Command
\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\explore\Command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com] -> File not found
\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\open\Command
\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\open\Command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com] -> File not found
[Files/Folders - Created Within 30 Days]
LastGood -> %SystemRoot%\LastGood -> [2009/03/14 10:24:04 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2009/03/14 00:27:12 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/13 22:12:11 | 00,781,851 | ---- | C] ()
mbam-rules.exe -> %UserProfile%\Desktop\mbam-rules.exe -> [2009/03/13 22:00:04 | 02,132,416 | ---- | C] (Malwarebytes Corporation )
Malwarebytes -> %AppData%\Malwarebytes -> [2009/03/13 21:55:02 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/13 21:54:59 | 00,000,696 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/03/13 21:54:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/03/13 21:54:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/03/13 21:54:53 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/03/13 21:54:52 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/13 21:53:51 | 02,876,728 | ---- | C] (Malwarebytes Corporation )
Remove malware.doc -> %UserProfile%\Desktop\Remove malware.doc -> [2009/03/12 16:06:15 | 00,033,280 | ---- | C] ()
pendrive -> %UserProfile%\Desktop\pendrive -> [2009/03/12 00:25:42 | 00,000,000 | ---D | C]
BitTorrent-6.1.2.exe -> %UserProfile%\Desktop\BitTorrent-6.1.2.exe -> [2009/03/11 15:52:47 | 01,754,496 | ---- | C] ()
URSoft -> %AppData%\URSoft -> [2009/03/11 09:45:11 | 00,000,000 | ---D | C]
1-Click Cleaning by Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,001,810 | ---- | C] ()
Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,000,798 | ---- | C] ()
Your Uninstaller 2008 -> %ProgramFiles%\Your Uninstaller 2008 -> [2009/03/11 09:44:59 | 00,000,000 | ---D | C]
Norton Support -> %ProgramFiles%\Norton Support -> [2009/03/10 23:19:27 | 00,000,000 | R--D | C]
Sacar malware -> %UserProfile%\My Documents\Sacar malware -> [2009/03/10 19:38:09 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/03/10 18:55:29 | 10,647,63392 | -HS- | C] ()
_OTScanIt -> %SystemDrive%\_OTScanIt -> [2009/03/09 18:48:43 | 00,000,000 | ---D | C]
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/09 18:47:42 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/09 18:45:32 | 00,661,370 | ---- | C] ()
malware.rtf -> %UserProfile%\Desktop\malware.rtf -> [2009/03/07 20:27:51 | 00,000,828 | ---- | C] ()
spybotsd162.exe -> %UserProfile%\Desktop\spybotsd162.exe -> [2009/03/07 15:54:15 | 16,409,960 | ---- | C] (Safer Networking Limited )
OJOsoft Corporation -> %UserProfile%\My Documents\OJOsoft Corporation -> [2009/03/07 13:29:09 | 00,000,000 | ---D | C]
Common Share -> %CommonProgramFiles%\Common Share -> [2009/03/07 13:28:50 | 00,000,000 | ---D | C]
Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2009/03/05 15:46:44 | 00,001,374 | ---- | C] ()
DivX -> %AppData%\DivX -> [2009/03/04 21:14:20 | 00,000,000 | ---D | C]
DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [2009/03/04 19:40:31 | 00,000,795 | ---- | C] ()
DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2009/03/04 19:39:50 | 00,000,806 | ---- | C] ()
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2009/03/04 19:38:41 | 00,001,476 | ---- | C] ()
SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> [2009/03/04 15:32:20 | 00,036,400 | R--- | C] (Symantec Corporation)
pendrive backup -> %UserProfile%\My Documents\pendrive backup -> [2009/03/04 10:46:02 | 00,000,000 | ---D | C]
irpecufxanhh.dll -> %SystemRoot%\System32\irpecufxanhh.dll -> [2009/03/04 09:16:58 | 00,607,744 | ---- | C] ()
Procedimiento_y_resultados_propuesta[1].doc -> %UserProfile%\Desktop\Procedimiento_y_resultados_propuesta[1].doc -> [2009/03/03 21:23:11 | 00,082,944 | ---- | C] ()
Bonjour -> %ProgramFiles%\Bonjour -> [2009/03/02 09:51:47 | 00,000,000 | ---D | C]
nsk9E.dll -> %SystemRoot%\System32\nsk9E.dll -> [2009/02/27 09:25:58 | 00,644,608 | ---- | C] ()
ACD Systems -> %AppData%\ACD Systems -> [2009/02/24 22:01:49 | 00,000,000 | ---D | C]
Canvas 11.lnk -> %AllUsersProfile%\Desktop\Canvas 11.lnk -> [2009/02/24 22:01:07 | 00,002,355 | ---- | C] ()
ACD Systems -> %AllUsersProfile%\Application Data\ACD Systems -> [2009/02/24 22:01:07 | 00,000,000 | ---D | C]
ACD Systems -> %ProgramFiles%\ACD Systems -> [2009/02/24 21:59:03 | 00,000,000 | ---D | C]
ACD Systems -> %CommonProgramFiles%\ACD Systems -> [2009/02/24 21:59:03 | 00,000,000 | ---D | C]
geophysics.xls -> %UserProfile%\Desktop\geophysics.xls -> [2009/02/24 09:06:40 | 00,020,480 | ---- | C] ()
Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/22 21:17:22 | 00,001,836 | ---- | C] ()
GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/02/22 21:14:35 | 00,000,878 | ---- | C] ()
Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [2009/02/22 21:09:13 | 00,000,000 | ---D | C]
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/02/22 21:09:09 | 00,000,868 | ---- | C] ()
Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/22 21:06:32 | 01,046,648 | ---- | C] ()
La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> %UserProfile%\Desktop\La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> [2009/02/16 20:53:12 | 00,536,286 | ---- | C] ()
Statigrafia -> %UserProfile%\My Documents\Statigrafia -> [2009/02/14 12:26:31 | 00,000,000 | ---D | C]
AceYourInterview_WEB.pdf -> %UserProfile%\My Documents\AceYourInterview_WEB.pdf -> [2009/02/14 11:30:14 | 04,189,460 | ---- | C] ()
Public Speaking -> %UserProfile%\My Documents\Public Speaking -> [2009/02/14 09:54:55 | 00,000,000 | ---D | C]
Seminario 2 -> %UserProfile%\My Documents\Seminario 2 -> [2009/02/13 20:47:12 | 00,000,000 | ---D | C]
[Files/Folders - Modified Within 30 Days]
11 C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp ->
11 C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp ->
1 C:\Documents and Settings\Omar\Local Settings\Temp\is-7KA5U.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Omar\Local Settings\Temp\is-7KA5U.tmp\_isetup\*.tmp ->
2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/14 13:34:27 | 00,004,232 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/14 13:34:26 | 00,005,515 | ---- | M] ()
GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/03/14 13:16:15 | 00,000,878 | ---- | M] ()
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/03/14 11:58:16 | 00,000,868 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/03/14 10:23:08 | 00,002,206 | ---- | M] ()
PASPortal.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\PASPortal.lnk -> [2009/03/14 10:22:00 | 00,002,245 | ---- | M] ()
Perflib_Perfdata_f0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_f0.dat -> [2009/03/14 10:21:28 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_514.dat -> %SystemRoot%\Temp\Perflib_Perfdata_514.dat -> [2009/03/14 10:20:54 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/14 10:20:51 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/14 10:20:34 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/03/14 10:20:24 | 10,647,63392 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/03/14 00:48:45 | 08,388,608 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/03/14 00:48:45 | 00,000,278 | -HS- | M] ()
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2009/03/13 22:41:03 | 00,000,576 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/13 22:12:17 | 00,781,851 | ---- | M] ()
Perflib_Perfdata_d4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_d4.dat -> [2009/03/13 22:05:35 | 00,016,384 | ---- | M] ()
mbam-rules.exe -> %UserProfile%\Desktop\mbam-rules.exe -> [2009/03/13 22:00:07 | 02,132,416 | ---- | M] (Malwarebytes Corporation )
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/13 21:54:59 | 00,000,696 | ---- | M] ()
_shfoldr.dll -> %UserProfile%\Local Settings\Temp\is-7KA5U.tmp\_isetup\_shfoldr.dll -> [2009/03/13 21:54:29 | 00,023,312 | ---- | M] (Microsoft Corporation)
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/13 21:54:13 | 02,876,728 | ---- | M] (Malwarebytes Corporation )
Perflib_Perfdata_170.dat -> %SystemRoot%\Temp\Perflib_Perfdata_170.dat -> [2009/03/13 09:53:37 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_664.dat -> %SystemRoot%\Temp\Perflib_Perfdata_664.dat -> [2009/03/13 05:36:33 | 00,016,384 | ---- | M] ()
Remove malware.doc -> %UserProfile%\Desktop\Remove malware.doc -> [2009/03/12 16:06:15 | 00,033,280 | ---- | M] ()
Cat.DB -> %SystemRoot%\System32\drivers\NIS\1005000.086\Cat.DB -> [2009/03/12 08:48:00 | 00,638,786 | ---- | M] ()
Perflib_Perfdata_4a0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4a0.dat -> [2009/03/12 08:46:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_128.dat -> %SystemRoot%\Temp\Perflib_Perfdata_128.dat -> [2009/03/11 18:52:32 | 00,016,384 | ---- | M] ()
BitTorrent-6.1.2.exe -> %UserProfile%\Desktop\BitTorrent-6.1.2.exe -> [2009/03/11 15:54:39 | 01,754,496 | ---- | M] ()
swt-awt-win32-3346.dll -> %UserProfile%\Local Settings\Temp\swt-awt-win32-3346.dll -> [2009/03/11 15:46:57 | 00,032,768 | ---- | M] (Eclipse Foundation)
swt-win32-3346.dll -> %UserProfile%\Local Settings\Temp\swt-win32-3346.dll -> [2009/03/11 15:46:56 | 00,307,200 | ---- | M] (Eclipse Foundation)
1-Click Cleaning by Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,001,810 | ---- | M] ()
Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,000,798 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/11 09:28:32 | 00,178,648 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/03/11 00:02:15 | 00,116,736 | ---- | M] ()
Perflib_Perfdata_258.dat -> %SystemRoot%\Temp\Perflib_Perfdata_258.dat -> [2009/03/10 18:56:14 | 00,016,384 | ---- | M] ()
portadas.doc -> %UserProfile%\Desktop\portadas.doc -> [2009/03/10 09:35:21 | 00,025,088 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/09 18:45:38 | 00,661,370 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/03/09 09:42:02 | 00,000,284 | ---- | M] ()
malware.rtf -> %UserProfile%\Desktop\malware.rtf -> [2009/03/07 20:27:51 | 00,000,828 | ---- | M] ()
Uniblue SpyEraser Nag.job -> %SystemRoot%\tasks\Uniblue SpyEraser Nag.job -> [2009/03/07 18:54:00 | 00,000,262 | ---- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/03/07 16:11:06 | 00,000,933 | ---- | M] ()
spybotsd162.exe -> %UserProfile%\Desktop\spybotsd162.exe -> [2009/03/07 15:58:21 | 16,409,960 | ---- | M] (Safer Networking Limited )
Canvas 11.lnk -> %AllUsersProfile%\Desktop\Canvas 11.lnk -> [2009/03/07 11:58:25 | 00,002,355 | ---- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/03/05 22:03:16 | 02,111,386 | -H-- | M] ()
Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2009/03/05 15:46:44 | 00,001,374 | ---- | M] ()
DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [2009/03/04 19:40:32 | 00,000,795 | ---- | M] ()
DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2009/03/04 19:39:50 | 00,000,806 | ---- | M] ()
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2009/03/04 19:38:41 | 00,001,476 | ---- | M] ()
Norton Internet Security.lnk -> %AllUsersProfile%\Desktop\Norton Internet Security.lnk -> [2009/03/04 15:30:48 | 00,001,984 | ---- | M] ()
irpecufxanhh.dll -> %SystemRoot%\System32\irpecufxanhh.dll -> [2009/03/04 09:16:58 | 00,607,744 | ---- | M] ()
Procedimiento_y_resultados_propuesta[1].doc -> %UserProfile%\Desktop\Procedimiento_y_resultados_propuesta[1].doc -> [2009/03/03 21:53:31 | 00,082,944 | ---- | M] ()
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> [2009/03/03 14:56:16 | 00,124,464 | ---- | M] (Symantec Corporation)
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> [2009/03/03 14:56:16 | 00,060,808 | ---- | M] (Symantec Corporation)
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [2009/03/03 14:56:16 | 00,007,386 | ---- | M] ()
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [2009/03/03 14:56:16 | 00,000,805 | ---- | M] ()
cchpx86.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\cchpx86.sys -> [2009/03/03 14:55:16 | 00,482,352 | ---- | M] (Symantec Corporation)
isolate.ini -> %SystemRoot%\System32\drivers\NIS\1005000.086\isolate.ini -> [2009/03/03 14:55:09 | 00,000,172 | ---- | M] ()
nsk9E.dll -> %SystemRoot%\System32\nsk9E.dll -> [2009/02/27 09:25:58 | 00,644,608 | ---- | M] ()
SymEFA.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymEFA.sys -> [2009/02/27 07:20:26 | 00,310,320 | ---- | M] (Symantec Corporation)
srtsp.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtsp.sys -> [2009/02/27 07:20:26 | 00,307,760 | ---- | M] (Symantec Corporation)
BHDrvx86.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\BHDrvx86.sys -> [2009/02/27 07:20:26 | 00,258,608 | ---- | M] (Symantec Corporation)
symtdi.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symtdi.sys -> [2009/02/27 07:20:26 | 00,217,392 | ---- | M] (Symantec Corporation)
symfw.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symfw.sys -> [2009/02/27 07:20:26 | 00,089,776 | ---- | M] (Symantec Corporation)
srtspx.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtspx.sys -> [2009/02/27 07:20:26 | 00,043,696 | ---- | M] (Symantec Corporation)
symndisv.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symndisv.sys -> [2009/02/27 07:20:26 | 00,039,984 | ---- | M] (Symantec Corporation)
symndis.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symndis.sys -> [2009/02/27 07:20:26 | 00,037,296 | ---- | M] (Symantec Corporation)
symids.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symids.sys -> [2009/02/27 07:20:26 | 00,034,736 | ---- | M] (Symantec Corporation)
SymEFA.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymEFA.inf -> [2009/02/27 07:20:23 | 00,003,373 | ---- | M] ()
ccHPx86.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\ccHPx86.inf -> [2009/02/27 07:20:23 | 00,001,753 | ---- | M] ()
SymNet.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymNet.inf -> [2009/02/27 07:20:23 | 00,001,528 | ---- | M] ()
srtspx.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtspx.inf -> [2009/02/27 07:20:23 | 00,001,389 | ---- | M] ()
srtsp.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtsp.inf -> [2009/02/27 07:20:23 | 00,001,383 | ---- | M] ()
BHDrvx86.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\BHDrvx86.inf -> [2009/02/27 07:20:23 | 00,000,640 | ---- | M] ()
SymNet.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymNet.cat -> [2009/02/27 07:20:19 | 00,009,423 | ---- | M] ()
SymEFA.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymEFA.cat -> [2009/02/27 07:20:19 | 00,007,410 | ---- | M] ()
srtspx.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtspx.cat -> [2009/02/27 07:20:19 | 00,007,372 | ---- | M] ()
BHDrvx86.CAT -> %SystemRoot%\System32\drivers\NIS\1005000.086\BHDrvx86.CAT -> [2009/02/27 07:20:19 | 00,007,364 | ---- | M] ()
srtsp.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtsp.cat -> [2009/02/27 07:20:19 | 00,007,355 | ---- | M] ()
ccHPx86.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\ccHPx86.cat -> [2009/02/27 07:20:19 | 00,007,347 | ---- | M] ()
SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> [2009/02/27 07:20:18 | 00,036,400 | R--- | M] (Symantec Corporation)
geophysics.xls -> %UserProfile%\Desktop\geophysics.xls -> [2009/02/24 09:06:41 | 00,020,480 | ---- | M] ()
Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/22 21:17:22 | 00,001,836 | ---- | M] ()
Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/22 21:08:14 | 01,046,648 | ---- | M] ()
La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> %UserProfile%\Desktop\La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> [2009/02/16 20:54:52 | 00,536,286 | ---- | M] ()
AceYourInterview_WEB.pdf -> %UserProfile%\My Documents\AceYourInterview_WEB.pdf -> [2009/02/14 11:30:14 | 04,189,460 | ---- | M] ()
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2009/02/12 13:48:18 | 00,002,137 | ---- | M] ()
A~NSISu_.exe -> %UserProfile%\Local Settings\Temp\A~NSISu_.exe -> [2008/09/27 16:14:11 | 00,124,421 | ---- | M] (Lime Wire LLC)
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2006/03/26 22:29:17 | 00,001,372 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/03/25 11:51:46 | 00,016,384 | ---- | M] ()
wklntsk.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk.dat -> [2006/03/25 11:51:45 | 00,515,952 | ---- | M] ()
wklntnts.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntnts.dat -> [2006/03/25 11:51:45 | 00,515,952 | ---- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 153 bytes -> %AllUsersProfile%\Application Data\TEMP:B3D74A13
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,35,32,a0,6e,fa,df,9c,be,2a,8e,61,20,2a,e4,ed,58,ca,ae,bb,e0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,78,68,58,d6,b9,c7,97,15,70,b2,68,5f,bc,dc,d7,cc,5e,..
"khjeh"=hex:f2,1e,c6,64,4a,b2,0e,82,a2,7a,d9,4e,b1,6f,37,46,6e,75,40,60,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,44,3b,b2,fe,4c,fd,57,25,80,9b,a3,0e,de,31,28,a5,87,ae,b3,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,35,32,a0,6e,fa,df,9c,be,2a,8e,61,20,2a,e4,ed,58,ca,ae,bb,e0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,78,68,58,d6,b9,c7,97,15,70,b2,68,5f,bc,dc,d7,cc,5e,..
"khjeh"=hex:f2,1e,c6,64,4a,b2,0e,82,a2,7a,d9,4e,b1,6f,37,46,6e,75,40,60,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,44,3b,b2,fe,4c,fd,57,25,80,9b,a3,0e,de,31,28,a5,87,ae,b3,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,35,32,a0,6e,fa,df,9c,be,2a,8e,61,20,2a,e4,ed,58,ca,ae,bb,e0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,78,68,58,d6,b9,c7,97,15,70,b2,68,5f,bc,dc,d7,cc,5e,..
"khjeh"=hex:f2,1e,c6,64,4a,b2,0e,82,a2,7a,d9,4e,b1,6f,37,46,6e,75,40,60,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:61,44,3b,b2,fe,4c,fd,57,25,80,9b,a3,0e,de,31,28,a5,87,ae,b3,28,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB8495C-2C8D-80CB-624C-A545C4C023A2}]
"najbmdahbnonjlcimcplodlnbden"=hex:6a,61,66,6d,61,62,65,70,61,70,70,68,64,70,6e,68,62,6f,65,67,00,..
"maddgacgncmpgalemooonmaphd"=hex:6b,61,69,6f,6d,61,69,6e,62,6a,68,6e,62,66,63,6a,6a,66,6a,61,6d,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\493344AB.TMP 0 bytes
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\80067A16.TMP 0 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 153 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 106 bytes
C:\Documents and Settings\El guest\Local Settings\Application Data\Microsoft\Messenger\calumi4@hotmail.com\SharingMetadata\ly_sanchez@hotmail.com\DFSR\Staging\CS{B738349E-AA87-59CA-C702-FBAEC86CEE59}\01\10-{B738349E-AA87-59CA-C702-FBAEC86CEE59}-v1-{DF7FA59E-86BD-437E-96DD-B0BC63C051B6}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Omar\Favorites\dell charger.url:favicon 1406 bytes
C:\Documents and Settings\Omar\Favorites\u.talk.back.url:favicon 894 bytes
C:\Documents and Settings\Omar\Favorites\Weekly World News**The World’s Only Reliable News!.url:favicon 1342 bytes
C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\megimpy@hotmail.com\SharingMetadata\defenza_zero@hotmail.com\DFSR\Staging\CS{A95A46DE-DA18-D0D6-65FB-7BBA3B811EA7}\01\10-{A95A46DE-DA18-D0D6-65FB-7BBA3B811EA7}-v1-{81B3884A-C41D-4DC2-9874-CB2626AE665B}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\ririzarryo@hotmail.com\SharingMetadata\orlandorivera_27@hotmail.com\DFSR\Staging\CS{198E08AC-E959-C993-4FFE-533C09D8E622}\01\10-{198E08AC-E959-C993-4FFE-533C09D8E622}-v1-{9D168419-FF76-429D-8958-E067267CAA04}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\ririzarryo@hotmail.com\SharingMetadata\orlandorivera_27@hotmail.com\DFSR\Staging\CS{198E08AC-E959-C993-4FFE-533C09D8E622}\11\14-{9D168419-FF76-429D-8958-E067267CAA04}-v11-{9D168419-FF76-429D-8958-E067267CAA04}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4710 bytes hidden from API
C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\ririzarryo@hotmail.com\SharingMetadata\orlandorivera_27@hotmail.com\DFSR\Staging\CS{198E08AC-E959-C993-4FFE-533C09D8E622}\11\14-{9D168419-FF76-429D-8958-E067267CAA04}-v11-{9D168419-FF76-429D-8958-E067267CAA04}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
scan completed successfully
hidden files: 233
< End of report >
[/code]
Hi rocks21
Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\prefs.js
YN -> browser.search.defaultenginename -> "Yoog Search"
YN -> browser.search.defaulturl -> "http://www15.yoog.com/search.php?q="
YN -> browser.search.selectedEngine -> "Yoog Search"
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\AutoRun\command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat]
YN -> \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\explore\Command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat]
YN -> \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\open\Command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat]
YN -> \{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe]
YN -> \{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe]
YN -> \{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe]
YN -> \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat]
YN -> \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat]
YN -> \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat]
YN -> \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com]
YN -> \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\explore\Command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com]
YN -> \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\open\Command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com]
[Files/Folders - Created Within 30 Days]
NY -> irpecufxanhh.dll -> %SystemRoot%\System32\irpecufxanhh.dll
NY -> nsk9E.dll -> %SystemRoot%\System32\nsk9E.dll
[Files/Folders - Modified Within 30 Days]
NY -> qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> irpecufxanhh.dll -> %SystemRoot%\System32\irpecufxanhh.dll
NY -> nsk9E.dll -> %SystemRoot%\System32\nsk9E.dll
The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.
Thanks peku006
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\prefs.js not found.
Registry key HKEY_LOCAL_MACHINE\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\prefs.js not found.
Registry key HKEY_LOCAL_MACHINE\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\prefs.js not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\AutoRun\command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\explore\Command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\open\Command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\AutoRun\command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\explore\Command\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\open\Command\\ deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\irpecufxanhh.dll moved successfully.
C:\WINDOWS\System32\nsk9E.dll moved successfully.
[Files/Folders - Modified Within 30 Days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
C:\Documents and Settings\Omar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File C:\WINDOWS\System32\irpecufxanhh.dll not found!
File C:\WINDOWS\System32\nsk9E.dll not found!
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.8.0 fix logfile created on 03142009_173753
Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Hi rocks21
1 - Clean temp files
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
2 - Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
4 - Status Check
Please reply with
1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?
Thanks peku006
Computers is running ok but still with the Yoog malware and windows update
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 16, 2009 14:09:03
Records in database: 1916188
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 76325
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:31:49
File name / Threat name / Threats count
C:\Documents and Settings\Omar\My Documents\Terraco-v08.zip Infected: Backdoor.Win32.Resumdor.a 1
The selected area was scanned.
***************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30:23 p.m., on 16/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Omar\Local Settings\Temp\jkos-Omar\binaries\ScanningProcess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PASPortal.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servicio de actualización de Google (gupdate1c9955416be3348) (gupdate1c9955416be3348) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12036 bytes
Hi rocks21
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file
C:\Documents and Settings\Omar\My Documents\Terraco-v08.zip
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:reg
Yoog
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Thanks peku006
SystemLook v1.0 by jpshortstuff (02.03.09)
Log created at 12:54 on 17/03/2009 by Omar (Administrator - Elevation successful)
========== reg ==========
[Yoog]
Hive unrecognized.
-=End Of File=-
Hi rocks21
Please download OTListIt2 by OldTimer from Geeks to Go (http://oldtimer.geekstogo.com/OTListIt2.exe). Save it your desktop.
Double click on OTListIt2.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Thanks peku006
OTListIt logfile created on: 17/03/2009 05:02:58 p.m. - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\Omar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000500A | Country: Puerto Rico | Language: ESU | Date Format: dd/MM/yyyy
1015.37 Mb Total Physical Memory | 328.01 Mb Available Physical Memory | 32.30% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.08 Gb Total Space | 17.11 Gb Free Space | 24.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMPUTADOR
Current User Name: Omar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Omar\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (gupdate1c9955416be3348 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
SRV - (Norton Internet Security [Auto | Running]) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLANKEEPER [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1005000.086\BHDrvx86.sys (Symantec Corporation)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1005000.086\ccHPx86.sys (Symantec Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys (Symantec Corporation)
DRV - (IWCA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\iwca.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090317.006\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090317.006\NAVEX15.SYS (Symantec Corporation)
DRV - (nuvaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nuvaudio.sys (Nogatech Ltd.)
DRV - (NUVision [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NUVision.sys (Nogatech Ltd.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1005000.086\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.086\SRTSPX.SYS (Symantec Corporation)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.086\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://www15.yoog.com/search.php?q="
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www15.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/14 11:39:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/07 13:51:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/05 09:57:03 | 00,000,000 | ---D | M]
[2008/08/28 11:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\mozilla\Extensions
[2008/08/28 11:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/17 12:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\mozilla\Firefox\Profiles\drj06ki6.default\extensions
[2009/03/09 19:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\mozilla\Firefox\Profiles\drj06ki6.default\extensions\{30d7b8a7-d6ed-458c-8976-84487fac36a9}
[2009/01/07 20:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\mozilla\Firefox\Profiles\drj06ki6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/07 20:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Omar\Application Data\mozilla\Firefox\Profiles\drj06ki6.default\extensions\blueshift@shift.themes
[2007/07/01 13:39:47 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\searchplugins\siteadvisor.xml
[2009/03/17 16:59:00 | 00,000,247 | ---- | M] () -- C:\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\searchplugins\Yoog Search.xml
[2009/03/17 12:57:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/05 09:56:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/03 18:24:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/09/14 14:02:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/14 11:39:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/02/27 09:25:54 | 00,642,560 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\components\7d817ebf-685d-5fc9-8e89-dde647987875.dll
[2009/03/05 09:56:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 09:56:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/04 09:16:52 | 00,478,208 | ---- | M] () -- C:\Program Files\mozilla firefox\components\irpecufxanhh.dll
[2008/08/28 11:08:36 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/28 11:08:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/28 11:08:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 21:26:51 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/28 11:08:36 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/28 11:08:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/28 11:08:36 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PASPortal.lnk = C:\WINDOWS\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe (InstallShield Software Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - application/xhtml+xml - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter: - text/xml; charset=iso-8859-1 - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter: - text/xml; charset=utf-8 - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\AutoRun\command - "" = F:\oq.cmd -- File not found
O33 - MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\explore\Command - "" = F:\oq.cmd -- File not found
O33 - MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\open\Command - "" = F:\oq.cmd -- File not found
O33 - MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Explore\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Open\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe -- File not found
O33 - MountPoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe -- File not found
O33 - MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command - "" = F:\oq.cmd -- File not found
O33 - MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command - "" = F:\oq.cmd -- File not found
O33 - MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\open\Command - "" = F:\oq.cmd -- File not found
O33 - MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell - "" = AutoRun
O33 - MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found
O33 - MountPoints2\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe -- File not found
O33 - MountPoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe -- File not found
O33 - MountPoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/03/17 17:00:46 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Omar\Desktop\OTListIt2.exe
[2009/03/17 12:53:23 | 00,091,648 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\SystemLook.exe
[2009/03/17 12:45:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/03/15 22:10:17 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Remove malware2.doc
[2009/03/14 00:27:12 | 00,000,000 | ---D | C] -- C:\rsit
[2009/03/13 22:12:11 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\RSIT.exe
[2009/03/13 22:00:04 | 02,132,416 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Omar\Desktop\mbam-rules.exe
[2009/03/13 21:55:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\Malwarebytes
[2009/03/13 21:54:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/13 21:54:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/13 21:54:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/13 21:54:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/13 21:54:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/13 21:53:51 | 02,876,728 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Omar\Desktop\mbam-setup.exe
[2009/03/12 16:06:15 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Remove malware.doc
[2009/03/12 00:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Desktop\pendrive
[2009/03/11 15:52:47 | 01,754,496 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\BitTorrent-6.1.2.exe
[2009/03/11 09:45:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\URSoft
[2009/03/11 09:45:07 | 00,001,810 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
[2009/03/11 09:45:07 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Your Uninstaller! 2008.lnk
[2009/03/11 09:44:59 | 00,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2008
[2009/03/10 23:19:27 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/03/10 19:38:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\My Documents\Sacar malware
[2009/03/10 18:55:29 | 10,647,63392 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/09 18:48:43 | 00,000,000 | ---D | C] -- C:\_OTScanIt
[2009/03/09 18:47:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Desktop\OTScanIt2
[2009/03/09 18:45:32 | 00,661,370 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\OTScanIt2.exe
[2009/03/07 20:27:51 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\malware.rtf
[2009/03/07 15:54:15 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Omar\Desktop\spybotsd162.exe
[2009/03/07 13:29:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\My Documents\OJOsoft Corporation
[2009/03/07 13:28:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
[2009/03/05 15:46:44 | 00,001,374 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/03/04 21:14:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\DivX
[2009/03/04 19:40:31 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/03/04 19:39:50 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/03/04 19:38:41 | 00,001,476 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\DivX Movies.lnk
[2009/03/04 15:32:20 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/03/04 10:46:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\My Documents\pendrive backup
[2009/03/03 21:23:11 | 00,082,944 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Procedimiento_y_resultados_propuesta[1].doc
[2009/03/02 09:51:47 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/02/24 22:01:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Omar\Application Data\ACD Systems
[2009/02/24 22:01:07 | 00,002,355 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canvas 11.lnk
[2009/02/24 22:01:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/02/24 21:59:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2009/02/24 21:59:03 | 00,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2009/02/24 09:06:40 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\geophysics.xls
[2009/02/22 21:17:22 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/02/22 21:14:35 | 00,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/02/22 21:09:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/02/22 21:09:09 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/02/22 21:06:32 | 01,046,648 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\Google Updater.exe
[2009/02/16 20:53:12 | 00,536,286 | ---- | C] () -- C:\Documents and Settings\Omar\Desktop\La-Muza-ft-A-Jimenez-Mi-Bandera.mp3
========== Files - Modified Within 30 Days ==========
[2009/03/17 17:00:49 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Omar\Desktop\OTListIt2.exe
[2009/03/17 12:54:04 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\SystemLook.exe
[2009/03/17 12:43:01 | 00,002,245 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PASPortal.lnk
[2009/03/17 12:41:47 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/17 12:41:26 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/03/17 12:41:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/17 12:40:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/17 12:40:31 | 10,647,63392 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/16 09:42:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/16 09:37:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/15 22:10:18 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Remove malware2.doc
[2009/03/13 22:41:03 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\Omar\My Documents\My Sharing Folders.lnk
[2009/03/13 22:12:17 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\RSIT.exe
[2009/03/13 22:00:07 | 02,132,416 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Omar\Desktop\mbam-rules.exe
[2009/03/13 21:54:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/13 21:54:13 | 02,876,728 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Omar\Desktop\mbam-setup.exe
[2009/03/12 16:06:15 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Remove malware.doc
[2009/03/12 08:48:00 | 00,638,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\Cat.DB
[2009/03/11 15:54:39 | 01,754,496 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\BitTorrent-6.1.2.exe
[2009/03/11 09:45:07 | 00,001,810 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
[2009/03/11 09:45:07 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Your Uninstaller! 2008.lnk
[2009/03/11 09:28:32 | 00,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 09:35:21 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\portadas.doc
[2009/03/09 18:45:38 | 00,661,370 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\OTScanIt2.exe
[2009/03/07 20:27:51 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\malware.rtf
[2009/03/07 18:54:00 | 00,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
[2009/03/07 16:11:06 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Spybot - Search & Destroy.lnk
[2009/03/07 15:58:21 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Omar\Desktop\spybotsd162.exe
[2009/03/07 11:58:25 | 00,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canvas 11.lnk
[2009/03/05 22:03:16 | 02,111,386 | -H-- | M] () -- C:\Documents and Settings\Omar\Local Settings\Application Data\IconCache.db
[2009/03/05 15:46:44 | 00,001,374 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy DivX for Windows.lnk
[2009/03/04 19:40:32 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/03/04 19:39:50 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/03/04 19:38:41 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\DivX Movies.lnk
[2009/03/04 15:30:48 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/03/03 21:53:31 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Procedimiento_y_resultados_propuesta[1].doc
[2009/03/03 14:56:16 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/03/03 14:56:16 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/03/03 14:56:16 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/03/03 14:56:16 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/03/03 14:55:16 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\cchpx86.sys
[2009/03/03 14:55:09 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\isolate.ini
[2009/02/27 07:20:26 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\SymEFA.sys
[2009/02/27 07:20:26 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\srtsp.sys
[2009/02/27 07:20:26 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\BHDrvx86.sys
[2009/02/27 07:20:26 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\symtdi.sys
[2009/02/27 07:20:26 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\symfw.sys
[2009/02/27 07:20:26 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\srtspx.sys
[2009/02/27 07:20:26 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\symndisv.sys
[2009/02/27 07:20:26 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\symndis.sys
[2009/02/27 07:20:26 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.086\symids.sys
[2009/02/27 07:20:23 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\SymEFA.inf
[2009/02/27 07:20:23 | 00,001,753 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\ccHPx86.inf
[2009/02/27 07:20:23 | 00,001,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\SymNet.inf
[2009/02/27 07:20:23 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\srtspx.inf
[2009/02/27 07:20:23 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\srtsp.inf
[2009/02/27 07:20:23 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\BHDrvx86.inf
[2009/02/27 07:20:19 | 00,009,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\SymNet.cat
[2009/02/27 07:20:19 | 00,007,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\SymEFA.cat
[2009/02/27 07:20:19 | 00,007,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\srtspx.cat
[2009/02/27 07:20:19 | 00,007,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\BHDrvx86.CAT
[2009/02/27 07:20:19 | 00,007,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\srtsp.cat
[2009/02/27 07:20:19 | 00,007,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.086\ccHPx86.cat
[2009/02/27 07:20:18 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/24 09:06:41 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\geophysics.xls
[2009/02/22 21:17:22 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/02/22 21:08:14 | 01,046,648 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\Google Updater.exe
[2009/02/16 20:54:52 | 00,536,286 | ---- | M] () -- C:\Documents and Settings\Omar\Desktop\La-Muza-ft-A-Jimenez-Mi-Bandera.mp3
========== Alternate Data Streams ==========
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTListIt Extras logfile created on: 17/03/2009 05:02:58 p.m. - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Documents and Settings\Omar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000500A | Country: Puerto Rico | Language: ESU | Date Format: dd/MM/yyyy
1015.37 Mb Total Physical Memory | 328.01 Mb Available Physical Memory | 32.30% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.08 Gb Total Space | 17.11 Gb Free Space | 24.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMPUTADOR
Current User Name: Omar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- "%1" %*"
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader File not found
C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe:*:Enabled:Blizzard Downloader File not found
C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe:*:Enabled:Blizzard Downloader File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A103C8B-3DFA-4F05-BE9B-97B7ECC12925}" = Canvas 11
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B994C873-CF4E-4278-BFAD-DD21E04E33D9}" = Samsung PC Studio 3
"{BAE4A43D-6DDE-4E19-A2A5-BBD89A3ED48C}" = PS7200
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE38B24E-4146-4DAC-AD4E-4EC8BF24C261}" = OpenOffice.org Installer 1.0
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4AB1A2A-72A8-4801-B238-0CB789C992FE}" = DataStudio
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6EFE637-E44E-4648-9183-D77E9F48F9F1}" = Graphical Analysis 3.2
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE983D56-28C6-4E5D-A146-8A8339B9CC1F}" = Lizardtech Express View Browser Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EsetOnlineScanner" = ESET Online Scanner
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D4AB1A2A-72A8-4801-B238-0CB789C992FE}" = DataStudio
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mineralogy Tutorials 2.1" = Mineralogy Tutorials 2.1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MrSID GeoViewer" = MrSID GeoViewer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"PSSENSOR_ab977ca22ef595e0c55853eb3fbfffd950acc82c" = Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01/03/2009 07:39:56 p.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 04/03/2009 03:42:01 p.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 06/03/2009 01:08:46 p.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 06/03/2009 07:08:56 p.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 07/03/2009 12:40:40 p.m. | Computer Name = COMPUTADOR | Source = Application Error | ID = 1000
Description = Faulting application canvas11.exe, version 11.0.0.1173, faulting module
canvas11.exe, version 11.0.0.1173, fault address 0x0076f74a.
Error - 09/03/2009 11:24:12 p.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 10/03/2009 08:13:12 a.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 10/03/2009 08:13:43 a.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 10/03/2009 09:15:12 a.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
Error - 14/03/2009 05:32:36 p.m. | Computer Name = COMPUTADOR | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 16/03/2009 09:45:16 a.m. | Computer Name = COMPUTADOR | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 136.145.123.241. The machine with the IP address 136.145.123.223
did not allow the name to be claimed by this machine.
Error - 16/03/2009 09:50:26 a.m. | Computer Name = COMPUTADOR | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 136.145.123.241. The machine with the IP address 136.145.123.223
did not allow the name to be claimed by this machine.
Error - 16/03/2009 09:55:36 a.m. | Computer Name = COMPUTADOR | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 136.145.123.241. The machine with the IP address 136.145.123.223
did not allow the name to be claimed by this machine.
Error - 16/03/2009 10:00:46 a.m. | Computer Name = COMPUTADOR | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 136.145.123.241. The machine with the IP address 136.145.123.223
did not allow the name to be claimed by this machine.
Error - 16/03/2009 10:00:46 a.m. | Computer Name = COMPUTADOR | Source = BROWSER | ID = 8009
Description = The browser was unable to promote itself to master browser. The computer
that currently believes it is the master browser is YOMAYRA.
Error - 16/03/2009 10:05:56 a.m. | Computer Name = COMPUTADOR | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 136.145.123.241. The machine with the IP address 136.145.123.223
did not allow the name to be claimed by this machine.
Error - 16/03/2009 06:03:20 p.m. | Computer Name = COMPUTADOR | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.71 for the Network Card with network address
00166F4C9160 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).
Error - 17/03/2009 12:41:08 p.m. | Computer Name = COMPUTADOR | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.66 for the Network Card with network address
00166F4C9160 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).
Error - 17/03/2009 12:57:42 p.m. | Computer Name = COMPUTADOR | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 17/03/2009 01:00:16 p.m. | Computer Name = COMPUTADOR | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F4C9160. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.
< End of report >
Hi rocks21
1 - Scan With ComboFix
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)
Please include the C:\ComboFix.txt in your next reply for further review.
2 - Status Check
Please reply with
the ComboFix log(C:\ComboFix.txt)
Thanks peku006
ComboFix 09-03-18.01 - Omar 2009-03-19 19:04:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.635 [GMT -4:00]
Running from: c:\documents and settings\Omar\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\i386\EULA.txt
c:\documents and settings\i386\hosts
c:\documents and settings\i386\winmsd.exe
c:\program files\Mozilla Firefox\components\7d817ebf-685d-5fc9-8e89-dde647987875.dll
c:\program files\Mozilla Firefox\components\irpecufxanhh.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-19 12:00 . 2009-03-19 12:00 <DIR> d-------- c:\windows\LastGood
2009-03-14 00:27 . 2009-03-14 00:27 <DIR> d-------- C:\rsit
2009-03-13 21:55 . 2009-03-13 21:55 <DIR> d-------- c:\documents and settings\Omar\Application Data\Malwarebytes
2009-03-13 21:54 . 2009-03-13 21:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 21:54 . 2009-03-13 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-13 21:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 21:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 09:45 . 2009-03-11 09:45 <DIR> d-------- c:\documents and settings\Omar\Application Data\URSoft
2009-03-11 09:44 . 2009-03-11 09:47 <DIR> d-------- c:\program files\Your Uninstaller 2008
2009-03-10 23:19 . 2009-03-10 23:19 <DIR> dr------- c:\program files\Norton Support
2009-03-09 18:48 . 2009-03-09 18:48 <DIR> d-------- C:\_OTScanIt
2009-03-07 13:28 . 2009-03-07 13:52 <DIR> d-------- c:\program files\Common Files\Common Share
2009-03-04 21:14 . 2009-03-04 21:14 <DIR> d-------- c:\documents and settings\Omar\Application Data\DivX
2009-03-04 19:40 . 2008-11-06 12:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-03-04 19:40 . 2008-11-06 12:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-03-04 19:40 . 2008-11-06 12:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-04 15:32 . 2009-02-27 07:20 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-02 09:51 . 2009-03-02 09:51 <DIR> d-------- c:\program files\Bonjour
2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\Omar\Application Data\ACD Systems
2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\ACD Systems
2009-02-22 21:09 . 2009-03-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 14:51 --------- d-----w c:\program files\LimeWire
2009-03-11 22:57 --------- d-----w c:\program files\World of Warcraft
2009-03-11 13:50 --------- d-----w c:\program files\IrfanView
2009-03-11 13:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-07 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 20:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-04 23:41 --------- d-----w c:\program files\DivX
2009-03-03 18:56 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-03 18:56 7,386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-03 18:56 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-03 18:56 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-03 18:56 --------- d-----w c:\program files\Symantec
2009-02-27 16:51 --------- d-----w c:\documents and settings\Omar\Application Data\U3
2009-02-24 20:23 --------- d-----w c:\program files\iPod
2009-02-23 01:14 --------- d-----w c:\program files\Google
2009-02-09 21:50 --------- d-----w c:\program files\HP
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 01:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-09-29 00:16 38,016 ----a-w c:\documents and settings\Omar\Application Data\GDIPFONTCACHEV1.DAT
2008-09-14 04:06 37,240 ----a-w c:\documents and settings\El guest\Application Data\GDIPFONTCACHEV1.DAT
2006-03-26 19:04 147,608 ----a-w c:\documents and settings\i386\FNTCACHE.DAT
2006-03-24 23:51 53,838 ----a-w c:\documents and settings\i386\perfc009.dat
2006-03-24 23:51 382,260 ----a-w c:\documents and settings\i386\perfh009.dat
2006-03-24 23:46 16,384 ----a-w c:\documents and settings\i386\index.dat
2006-03-11 09:02 262,144 ---ha-w c:\documents and settings\i386\UsrClass.dat
2006-03-11 08:58 16,384 ----a-w c:\documents and settings\i386\MSIMGSIZ.DAT
2006-03-11 08:48 17,056 ----a-w c:\documents and settings\i386\AegisP.sys
2005-11-29 11:01 81,920 ----a-w c:\documents and settings\i386\SynTPCo2.dll
2005-11-29 10:58 69,723 ----a-w c:\documents and settings\i386\SynTPFcs.dll
2005-11-29 10:41 94,299 ----a-w c:\documents and settings\i386\SynTPAPI.dll
2005-11-29 10:41 114,688 ----a-w c:\documents and settings\i386\SynCtrl.dll
2005-11-29 10:40 82,014 ----a-w c:\documents and settings\i386\SynCOM.dll
2005-11-29 10:36 191,936 ----a-w c:\documents and settings\i386\SynTP.sys
2005-11-10 01:31 2,585,872 ----a-w c:\documents and settings\i386\KB893803.exe
2005-11-09 04:18 563,952 ----a-w c:\documents and settings\i386\KB908673.exe
2005-11-03 18:00 2,594,032 ----a-w c:\documents and settings\i386\KB896424.exe
2005-10-31 07:01 442,368 ----a-w c:\documents and settings\i386\pxdrv.dll
2005-10-25 23:39 27,264 ----a-w c:\documents and settings\i386\usbehci.sys
2005-10-25 23:39 143,104 ----a-w c:\documents and settings\i386\usbport.sys
2005-10-25 07:00 983,040 ----a-w c:\documents and settings\i386\cmdvdpakENU.dll
2005-10-15 03:15 1,302,812 ----a-w c:\documents and settings\i386\ialmnt5.sys
2005-10-15 03:14 901,242 ----a-w c:\documents and settings\i386\ialmdd5.dll
2005-10-15 03:06 61,440 ----a-w c:\documents and settings\i386\iAlmCoIn_v4410.dll
2005-10-15 03:06 49,152 ----a-w c:\documents and settings\i386\ialmrem.dll
2005-10-15 03:06 36,990 ----a-w c:\documents and settings\i386\ialmrnt5.dll
2005-10-15 03:06 213,274 ----a-w c:\documents and settings\i386\ialmdev5.dll
2005-10-15 03:06 118,395 ----a-w c:\documents and settings\i386\ialmdnt5.dll
2005-10-15 02:59 524,288 ----a-w c:\documents and settings\i386\igldev32.dll
2005-10-15 02:57 2,310,144 ----a-w c:\documents and settings\i386\iglicd32.dll
2005-10-15 02:50 94,208 ----a-w c:\documents and settings\i386\igfxext.exe
2005-10-15 02:50 53,248 ----a-w c:\documents and settings\i386\oemdspif.dll
2005-10-15 02:50 40,960 ----a-w c:\documents and settings\i386\igfxexps.dll
2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxzoom.exe
2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxpers.exe
2005-10-15 02:49 446,464 ----a-w c:\documents and settings\i386\igfxcfg.exe
2005-10-15 02:49 147,456 ----a-w c:\documents and settings\i386\igfxpph.dll
2005-10-15 02:49 1,503,232 ----a-w c:\documents and settings\i386\igfxress.dll
2005-10-15 02:46 86,016 ----a-w c:\documents and settings\i386\igfxdo.dll
2005-10-15 02:46 77,824 ----a-w c:\documents and settings\i386\hkcmd.exe
2005-10-15 02:46 57,344 ----a-w c:\documents and settings\i386\igfxsrvc.dll
2005-10-15 02:46 159,744 ----a-w c:\documents and settings\i386\igfxsrvc.exe
2005-10-15 02:45 73,728 ----a-w c:\documents and settings\i386\hccutils.dll
2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxres.dll
2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxdev.dll
2005-10-10 18:00 559,856 ----a-w c:\documents and settings\i386\KB906569.exe
2005-10-10 18:00 4,966,128 ----a-w c:\documents and settings\i386\KB896688.Exe
2005-10-10 18:00 1,393,392 ----a-w c:\documents and settings\i386\KB904706.Exe
2005-10-07 17:28 349,760 ----a-w c:\documents and settings\i386\mcinsctl.dll
2005-10-07 17:28 288,320 ----a-w c:\documents and settings\i386\mcgdmgr.dll
2005-10-06 03:09 280,064 ----a-w c:\documents and settings\i386\gdi32.dll
2005-10-06 00:05 1,839,488 ----a-w c:\documents and settings\i386\win32k.sys
2005-10-04 23:26 3,015,168 ----a-w c:\documents and settings\i386\mshtml.dll
2005-09-27 00:29 21,504 ----a-w c:\documents and settings\i386\xpsp3res.dll
2005-09-12 09:30 89,264 ----a-w c:\documents and settings\i386\DRVMCDB.SYS
2005-09-10 05:21 109,056 ----a-w c:\documents and settings\i386\staco.dll
2005-09-10 05:18 389,120 ----a-w c:\documents and settings\i386\STLang.dll
2005-09-10 05:18 167,936 ----a-w c:\documents and settings\i386\stacapi.dll
2005-09-10 05:15 1,032,472 ----a-w c:\documents and settings\i386\sthda.sys
2005-09-02 23:52 96,256 ----a-w c:\documents and settings\i386\inseng.dll
2005-08-30 03:54 1,287,168 ----a-w c:\documents and settings\i386\quartz.dll
2005-08-25 18:16 5,628 ----a-w c:\documents and settings\i386\DLACDBHM.SYS
2005-08-25 18:16 22,684 ----a-w c:\documents and settings\i386\DLARTL_N.SYS
2005-08-16 22:18 80,640 ----a-w c:\documents and settings\i386\MpFirewall.sys
2005-08-16 22:13 9,216 ----a-w c:\documents and settings\i386\MpfApi.dll
2005-08-12 11:20 40,544 ----a-w c:\documents and settings\i386\DRVNDDM.SYS
2005-08-12 07:00 28,672 ----a-w c:\documents and settings\i386\VXBLOCK.dll
2005-08-10 17:22 114,464 ----a-w c:\documents and settings\i386\naiavf5x.sys
2005-08-05 09:32 45,312 ----a-r c:\documents and settings\i386\bcm4sbxp.sys
2005-08-04 18:00 583,920 ----a-w c:\documents and settings\i386\KB899591.exe
2005-08-04 18:00 579,312 ----a-w c:\documents and settings\i386\KB899588.exe
2005-08-04 18:00 563,440 ----a-w c:\documents and settings\i386\KB896423.exe
2005-08-03 16:44 16,128 ----a-w c:\documents and settings\i386\APPDRV.SYS
2005-07-22 09:02 1,035,008 ----a-w c:\documents and settings\i386\HSF_DPV.sys
2005-07-22 09:01 717,952 ----a-w c:\documents and settings\i386\HSF_CNXT.sys
2005-07-22 09:01 201,600 ----a-w c:\documents and settings\i386\HSFHWAZL.sys
2008-09-18 19:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-11 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2006-08-30 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 18:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= NUVision.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\El guest\\Desktop\\WEB-WOWEx-E3-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [2009-03-03 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-03-03 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [2009-03-03 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSXpx86.sys [2009-03-11 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-03-03 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 gupdate1c9955416be3348;Servicio de actualización de Google (gupdate1c9955416be3348);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [2006-11-19 20704]
S3 NUVision;ATI TV Wonder, USB Edition (NTSC+);c:\windows\system32\drivers\NUVision.sys [2006-11-19 145184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}]
\shell\verb1\command - desktop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}]
\Shell\AutoRun\command - F:\oq.cmd
\Shell\explore\Command - F:\oq.cmd
\Shell\open\Command - F:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - G:\system.exe
\Shell\Open\command - G:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}]
\Shell\AutoRun\command - F:\oq.cmd
\Shell\explore\Command - F:\oq.cmd
\Shell\open\Command - F:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204176-eed7-11dc-a123-0014229e8b54}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 21:09]
2009-03-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 21:14]
2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
2008-05-11 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/news?ned=us
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.5.0.134\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\Omar\Application Data\Mozilla\Firefox\Profiles\drj06ki6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 19:06:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB8495C-2C8D-80CB-624C-A545C4C023A2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"najbmdahbnonjlcimcplodlnbden"=hex:6a,61,66,6d,61,62,65,70,61,70,70,68,64,70,
6e,68,62,6f,65,67,00,00
"maddgacgncmpgalemooonmaphd"=hex:6b,61,69,6f,6d,61,69,6e,62,6a,68,6e,62,66,63,
6a,6a,66,6a,61,6d,65,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1464)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-19 19:09:43
ComboFix-quarantined-files.txt 2009-03-19 23:08:53
Pre-Run: 18,505,330,688 bytes free
Post-Run: 18,552,950,784 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
320 --- E O F --- 2009-03-17 16:47:00
Hi rocks21
1 - Run CFScript
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Firefox::
FF - ProfilePath - c:\documents and settings\Omar\Application Data\Mozilla\Firefox\Profiles\drj06ki6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}]
Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
3 - Status Check
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
3. a fresh HijackThis log
description of any problems you are having with your PC
Thanks peku006
ComboFix 09-03-18.01 - Omar 2009-03-20 13:57:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.567 [GMT -4:00]
Running from: c:\documents and settings\Omar\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Omar\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.
2009-03-20 09:45 . 2009-03-20 09:45 <DIR> d-------- c:\windows\LastGood
2009-03-14 00:27 . 2009-03-14 00:27 <DIR> d-------- C:\rsit
2009-03-13 21:55 . 2009-03-13 21:55 <DIR> d-------- c:\documents and settings\Omar\Application Data\Malwarebytes
2009-03-13 21:54 . 2009-03-13 21:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 21:54 . 2009-03-13 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-13 21:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 21:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 09:45 . 2009-03-11 09:45 <DIR> d-------- c:\documents and settings\Omar\Application Data\URSoft
2009-03-11 09:44 . 2009-03-11 09:47 <DIR> d-------- c:\program files\Your Uninstaller 2008
2009-03-10 23:19 . 2009-03-10 23:19 <DIR> dr------- c:\program files\Norton Support
2009-03-09 18:48 . 2009-03-09 18:48 <DIR> d-------- C:\_OTScanIt
2009-03-07 13:28 . 2009-03-07 13:52 <DIR> d-------- c:\program files\Common Files\Common Share
2009-03-04 21:14 . 2009-03-04 21:14 <DIR> d-------- c:\documents and settings\Omar\Application Data\DivX
2009-03-04 19:40 . 2008-11-06 12:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-03-04 19:40 . 2008-11-06 12:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-03-04 19:40 . 2008-11-06 12:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-04 15:32 . 2009-02-27 07:20 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-02 09:51 . 2009-03-02 09:51 <DIR> d-------- c:\program files\Bonjour
2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\Omar\Application Data\ACD Systems
2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\ACD Systems
2009-02-22 21:09 . 2009-03-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 14:51 --------- d-----w c:\program files\LimeWire
2009-03-11 22:57 --------- d-----w c:\program files\World of Warcraft
2009-03-11 13:50 --------- d-----w c:\program files\IrfanView
2009-03-11 13:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-07 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 20:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-04 23:41 --------- d-----w c:\program files\DivX
2009-03-03 18:56 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-03 18:56 7,386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-03 18:56 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-03 18:56 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-03 18:56 --------- d-----w c:\program files\Symantec
2009-02-27 16:51 --------- d-----w c:\documents and settings\Omar\Application Data\U3
2009-02-24 20:23 --------- d-----w c:\program files\iPod
2009-02-23 01:14 --------- d-----w c:\program files\Google
2009-02-09 21:50 --------- d-----w c:\program files\HP
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 01:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-09-29 00:16 38,016 ----a-w c:\documents and settings\Omar\Application Data\GDIPFONTCACHEV1.DAT
2008-09-14 04:06 37,240 ----a-w c:\documents and settings\El guest\Application Data\GDIPFONTCACHEV1.DAT
2006-03-26 19:04 147,608 ----a-w c:\documents and settings\i386\FNTCACHE.DAT
2006-03-24 23:51 53,838 ----a-w c:\documents and settings\i386\perfc009.dat
2006-03-24 23:51 382,260 ----a-w c:\documents and settings\i386\perfh009.dat
2006-03-24 23:46 16,384 ----a-w c:\documents and settings\i386\index.dat
2006-03-11 09:02 262,144 ---ha-w c:\documents and settings\i386\UsrClass.dat
2006-03-11 08:58 16,384 ----a-w c:\documents and settings\i386\MSIMGSIZ.DAT
2006-03-11 08:48 17,056 ----a-w c:\documents and settings\i386\AegisP.sys
2005-11-29 11:01 81,920 ----a-w c:\documents and settings\i386\SynTPCo2.dll
2005-11-29 10:58 69,723 ----a-w c:\documents and settings\i386\SynTPFcs.dll
2005-11-29 10:41 94,299 ----a-w c:\documents and settings\i386\SynTPAPI.dll
2005-11-29 10:41 114,688 ----a-w c:\documents and settings\i386\SynCtrl.dll
2005-11-29 10:40 82,014 ----a-w c:\documents and settings\i386\SynCOM.dll
2005-11-29 10:36 191,936 ----a-w c:\documents and settings\i386\SynTP.sys
2005-11-10 01:31 2,585,872 ----a-w c:\documents and settings\i386\KB893803.exe
2005-11-09 04:18 563,952 ----a-w c:\documents and settings\i386\KB908673.exe
2005-11-03 18:00 2,594,032 ----a-w c:\documents and settings\i386\KB896424.exe
2005-10-31 07:01 442,368 ----a-w c:\documents and settings\i386\pxdrv.dll
2005-10-25 23:39 27,264 ----a-w c:\documents and settings\i386\usbehci.sys
2005-10-25 23:39 143,104 ----a-w c:\documents and settings\i386\usbport.sys
2005-10-25 07:00 983,040 ----a-w c:\documents and settings\i386\cmdvdpakENU.dll
2005-10-15 03:15 1,302,812 ----a-w c:\documents and settings\i386\ialmnt5.sys
2005-10-15 03:14 901,242 ----a-w c:\documents and settings\i386\ialmdd5.dll
2005-10-15 03:06 61,440 ----a-w c:\documents and settings\i386\iAlmCoIn_v4410.dll
2005-10-15 03:06 49,152 ----a-w c:\documents and settings\i386\ialmrem.dll
2005-10-15 03:06 36,990 ----a-w c:\documents and settings\i386\ialmrnt5.dll
2005-10-15 03:06 213,274 ----a-w c:\documents and settings\i386\ialmdev5.dll
2005-10-15 03:06 118,395 ----a-w c:\documents and settings\i386\ialmdnt5.dll
2005-10-15 02:59 524,288 ----a-w c:\documents and settings\i386\igldev32.dll
2005-10-15 02:57 2,310,144 ----a-w c:\documents and settings\i386\iglicd32.dll
2005-10-15 02:50 94,208 ----a-w c:\documents and settings\i386\igfxext.exe
2005-10-15 02:50 53,248 ----a-w c:\documents and settings\i386\oemdspif.dll
2005-10-15 02:50 40,960 ----a-w c:\documents and settings\i386\igfxexps.dll
2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxzoom.exe
2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxpers.exe
2005-10-15 02:49 446,464 ----a-w c:\documents and settings\i386\igfxcfg.exe
2005-10-15 02:49 147,456 ----a-w c:\documents and settings\i386\igfxpph.dll
2005-10-15 02:49 1,503,232 ----a-w c:\documents and settings\i386\igfxress.dll
2005-10-15 02:46 86,016 ----a-w c:\documents and settings\i386\igfxdo.dll
2005-10-15 02:46 77,824 ----a-w c:\documents and settings\i386\hkcmd.exe
2005-10-15 02:46 57,344 ----a-w c:\documents and settings\i386\igfxsrvc.dll
2005-10-15 02:46 159,744 ----a-w c:\documents and settings\i386\igfxsrvc.exe
2005-10-15 02:45 73,728 ----a-w c:\documents and settings\i386\hccutils.dll
2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxres.dll
2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxdev.dll
2005-10-10 18:00 559,856 ----a-w c:\documents and settings\i386\KB906569.exe
2005-10-10 18:00 4,966,128 ----a-w c:\documents and settings\i386\KB896688.Exe
2005-10-10 18:00 1,393,392 ----a-w c:\documents and settings\i386\KB904706.Exe
2005-10-07 17:28 349,760 ----a-w c:\documents and settings\i386\mcinsctl.dll
2005-10-07 17:28 288,320 ----a-w c:\documents and settings\i386\mcgdmgr.dll
2005-10-06 03:09 280,064 ----a-w c:\documents and settings\i386\gdi32.dll
2005-10-06 00:05 1,839,488 ----a-w c:\documents and settings\i386\win32k.sys
2005-10-04 23:26 3,015,168 ----a-w c:\documents and settings\i386\mshtml.dll
2005-09-27 00:29 21,504 ----a-w c:\documents and settings\i386\xpsp3res.dll
2005-09-12 09:30 89,264 ----a-w c:\documents and settings\i386\DRVMCDB.SYS
2005-09-10 05:21 109,056 ----a-w c:\documents and settings\i386\staco.dll
2005-09-10 05:18 389,120 ----a-w c:\documents and settings\i386\STLang.dll
2005-09-10 05:18 167,936 ----a-w c:\documents and settings\i386\stacapi.dll
2005-09-10 05:15 1,032,472 ----a-w c:\documents and settings\i386\sthda.sys
2005-09-02 23:52 96,256 ----a-w c:\documents and settings\i386\inseng.dll
2005-08-30 03:54 1,287,168 ----a-w c:\documents and settings\i386\quartz.dll
2005-08-25 18:16 5,628 ----a-w c:\documents and settings\i386\DLACDBHM.SYS
2005-08-25 18:16 22,684 ----a-w c:\documents and settings\i386\DLARTL_N.SYS
2005-08-16 22:18 80,640 ----a-w c:\documents and settings\i386\MpFirewall.sys
2005-08-16 22:13 9,216 ----a-w c:\documents and settings\i386\MpfApi.dll
2005-08-12 11:20 40,544 ----a-w c:\documents and settings\i386\DRVNDDM.SYS
2005-08-12 07:00 28,672 ----a-w c:\documents and settings\i386\VXBLOCK.dll
2005-08-10 17:22 114,464 ----a-w c:\documents and settings\i386\naiavf5x.sys
2005-08-05 09:32 45,312 ----a-r c:\documents and settings\i386\bcm4sbxp.sys
2005-08-04 18:00 583,920 ----a-w c:\documents and settings\i386\KB899591.exe
2005-08-04 18:00 579,312 ----a-w c:\documents and settings\i386\KB899588.exe
2005-08-04 18:00 563,440 ----a-w c:\documents and settings\i386\KB896423.exe
2005-08-03 16:44 16,128 ----a-w c:\documents and settings\i386\APPDRV.SYS
2005-07-22 09:02 1,035,008 ----a-w c:\documents and settings\i386\HSF_DPV.sys
2005-07-22 09:01 717,952 ----a-w c:\documents and settings\i386\HSF_CNXT.sys
2005-07-22 09:01 201,600 ----a-w c:\documents and settings\i386\HSFHWAZL.sys
2005-07-14 16:58 28,544 ----a-w c:\documents and settings\i386\rimmptsk.sys
2005-07-14 15:28 307,968 ----a-w c:\documents and settings\i386\rixdptsk.sys
2005-07-12 17:00 51,328 ----a-w c:\documents and settings\i386\rimsptsk.sys
2005-07-06 18:00 625,904 ----a-w c:\documents and settings\i386\KB901214.exe
2008-09-18 19:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-19_19.07.17.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-20 13:42:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_440.dat
+ 2009-03-20 13:43:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-11 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2006-08-30 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 18:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= NUVision.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\El guest\\Desktop\\WEB-WOWEx-E3-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [2009-03-03 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-03-03 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [2009-03-03 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSXpx86.sys [2009-03-11 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-03-03 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 gupdate1c9955416be3348;Servicio de actualización de Google (gupdate1c9955416be3348);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [2006-11-19 20704]
S3 NUVision;ATI TV Wonder, USB Edition (NTSC+);c:\windows\system32\drivers\NUVision.sys [2006-11-19 145184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204176-eed7-11dc-a123-0014229e8b54}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 21:09]
2009-03-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 21:14]
2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
2008-05-11 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/news?ned=us
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.5.0.134\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\Omar\Application Data\Mozilla\Firefox\Profiles\drj06ki6.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: keyword.enabled - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 14:00:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB8495C-2C8D-80CB-624C-A545C4C023A2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"najbmdahbnonjlcimcplodlnbden"=hex:6a,61,66,6d,61,62,65,70,61,70,70,68,64,70,
6e,68,62,6f,65,67,00,00
"maddgacgncmpgalemooonmaphd"=hex:6b,61,69,6f,6d,61,69,6e,62,6a,68,6e,62,66,63,
6a,6a,66,6a,61,6d,65,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1452)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-20 14:03:22
ComboFix-quarantined-files.txt 2009-03-20 18:03:02
ComboFix2.txt 2009-03-19 23:09:44
Pre-Run: 18,451,992,576 bytes free
Post-Run: 18,487,676,928 bytes free
284 --- E O F --- 2009-03-20 13:48:50
Hi,Now Google is set as my default search engine :-) but the Yoog search engine is still there,I'm still able to choose it, how can i get rid of it?
thx
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:07:27 p.m., on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PASPortal.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servicio de actualización de Google (gupdate1c9955416be3348) (gupdate1c9955416be3348) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11404 bytes
Hi rocks21
Let´s try this.....
FireFox
Remove Yoog Search from FireFoxLook in your Firefox profile folder for a file with a name like Yoog search.XML and delete it.
Typical path is like: C:\Documents and Settings\your name\Application Data\Mozilla\Firefox\Profiles\random name.default
On the address bar of Firefox you type: about:config and press the Enter key
Click on the "I will be careful, I promise" button.
Type in Yoog for the filter and a list of items that have Yoog in them should appear
For each entry that has been modified and now has Yoog in it you can RIGHT CLICK and choose RESET
IE7
Click on Tools/Internet Options
In the middle under Search section click the Settings button
Highlight Yoog and click the Remove button.
post back if it helped
Thanks peku006
Yes,it worked ,thanks a lot for the help,i still have to see if the windows update are working,since they seem to be in a loop
Due to inactivity, this thread will now be closed.
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.