browser hijacker???

Post by nyerobi on Wed 25 Aug 2010, 4:01 pm

Browser often redirects to strange sites and I can't get my iGoogle page or Gmail.

OTL logfile created on: 8/24/2010 9:34:09 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Kristina_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 63.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 7.76 Gb Free Space | 20.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TINA
Current User Name: Kristina_2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/24 21:33:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristina_2\Desktop\OTL.com
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/15 21:16:23 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/09 22:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 01:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006/03/27 15:35:40 | 000,229,376 | ---- | M] () -- C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
PRC - [2005/05/06 20:28:40 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe
PRC - [2003/01/22 18:23:22 | 000,045,056 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2003/01/17 21:26:50 | 000,458,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2003/01/15 18:24:14 | 000,102,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CePMTray.exe
PRC - [2003/01/14 16:52:26 | 000,561,152 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2002/11/25 11:23:20 | 000,172,032 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2002/10/17 14:21:38 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\ISM\pinger.exe
PRC - [2002/10/04 13:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 21:33:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristina_2\Desktop\OTL.com
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)
SRV - File not found [Auto | Stopped] -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/10/15 21:16:23 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/14 00:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 20:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 01:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/10/04 13:24:18 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys -- (LVcKap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btaudio.sys -- (BtAudio)
DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 11:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/16 01:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071106.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/10/16 01:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/10/16 01:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/10/16 01:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071106.025\NAVENG.SYS -- (NAVENG)
DRV - [2007/10/15 21:18:33 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/01/11 19:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 19:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 19:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 15:32:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 15:32:13 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 15:32:13 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 15:32:13 | 000,035,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/01/09 15:32:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 15:32:13 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/01/03 08:05:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/10 20:48:02 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 20:43:16 | 000,933,536 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/11/10 20:43:16 | 000,013,344 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/11 15:39:38 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/01/23 14:22:53 | 000,006,896 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2002/12/30 13:20:14 | 000,030,775 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2002/12/18 20:56:34 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2002/12/18 20:56:32 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2002/12/18 20:56:32 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2002/12/12 03:27:28 | 000,159,744 | R--- | M] (The Linksys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LSBCMNDS.SYS -- (BCM43XX)
DRV - [2002/11/22 11:21:18 | 001,157,856 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/10/04 13:22:16 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/16 19:25:02 | 000,941,516 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/08/28 15:59:26 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2002/07/17 18:45:48 | 000,004,183 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2002/06/28 17:29:12 | 000,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlags48b.sys -- (wlags48b)
DRV - [2002/06/13 12:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/05/15 05:49:54 | 000,063,405 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2001/08/09 18:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)
DRV - [2000/10/15 17:38:54 | 000,016,068 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 1F 4E 90 D9 2A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1


[2010/05/04 21:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/04 21:14:03 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 - HOSTS file present but inaccessible!
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe ()
O4 - HKLM..\Run: [LexStart] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe File not found
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Symantec\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDUiP6210DMon] C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe (CANON INC.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe ()
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\nge-libremp3-uk\index.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} [You must be registered and logged in to see this link.] (iNotes6 Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} [You must be registered and logged in to see this link.] (Whale Client Components)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} [You must be registered and logged in to see this link.] (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kristina_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kristina_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - ZASRAKOMONDOHUI31337.EXE File not found
O27 - HKLM IFEO\RapportService.exe: Debugger - ZASRAKOMONDOHUI31337.EXE File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2001/10/01 00:32:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/24 21:31:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristina_2\Desktop\OTL.com
[2010/08/24 20:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/24 20:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/08/24 20:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/08/24 20:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/24 20:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/24 20:33:30 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/24 20:33:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/24 20:33:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/24 20:33:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/24 20:33:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/24 20:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/24 20:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina_2\Application Data\Sun
[2010/08/24 20:31:28 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Kristina_2\Desktop\jre-6u21-windows-i586.exe
[2010/08/09 14:51:12 | 000,378,880 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Kristina_2\Desktop\JavaRa.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/24 21:33:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristina_2\Desktop\OTL.com
[2010/08/24 21:23:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/24 21:13:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 21:02:12 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/24 20:38:01 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Kristina_2\Desktop\JavaRa.exe
[2010/08/24 20:32:49 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/24 20:32:49 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/24 20:32:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/24 20:32:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/24 20:32:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/24 20:31:59 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Kristina_2\Desktop\jre-6u21-windows-i586.exe
[2010/08/24 19:04:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 08:00:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 07:59:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 07:59:30 | 518,508,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/22 11:04:09 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/22 09:45:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/19 21:54:12 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2010/08/04 21:48:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kristina_2\ntuser.ini
[2010/08/04 21:48:30 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Kristina_2\NTUSER.DAT
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 21:02:12 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/05 22:27:42 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010/06/05 22:27:39 | 000,000,066 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/06/05 22:27:39 | 000,000,001 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/06/05 22:27:38 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/06/05 22:15:02 | 000,065,763 | -HS- | C] () -- C:\Documents and Settings\Kristina_2\Application Data\e61f5c10-abd6-4853-9888-a9eeecfe2510_31.avi
[2010/06/02 20:42:52 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Kristina_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/22 17:13:58 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Kristina_2\Application Data\wklnhst.dat
[2010/05/11 21:17:08 | 000,001,175 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2007/12/16 17:47:34 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/15 21:08:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/09/13 10:32:35 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/09/03 21:27:06 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2007/09/03 21:26:29 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2007/09/03 21:25:47 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2007/09/03 21:25:43 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2007/09/03 19:19:05 | 000,000,144 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/12/26 19:03:48 | 000,042,594 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/20 13:12:17 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2006/06/13 21:15:18 | 000,001,187 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/11 13:22:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/02/06 03:24:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2006/02/06 01:05:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2006/02/04 01:28:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2006/02/01 00:12:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2005/12/17 20:44:40 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7B.DLL
[2005/03/22 05:48:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/05/09 13:43:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/07 18:21:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/06 10:16:08 | 000,000,195 | ---- | C] () -- C:\WINDOWS\sigfonts.ini
[2003/07/06 10:11:35 | 000,000,692 | ---- | C] () -- C:\WINDOWS\vLetter.ini
[2003/07/06 10:06:47 | 000,105,984 | ---- | C] () -- C:\WINDOWS\System32\HWDLLN32.dll
[2003/07/06 09:50:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/06/23 21:24:50 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2003/06/01 21:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/02/06 12:08:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/27 10:31:22 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2003/01/27 10:31:21 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2003/01/27 10:31:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2003/01/27 10:31:21 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2003/01/23 14:33:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2003/01/15 18:47:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CeEPPolicy.dll
[2003/01/15 18:23:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CeEPDefDat.dll
[2003/01/15 11:52:08 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/01/14 16:56:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CeEKPolicy.dll
[2003/01/14 11:15:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/01/14 11:14:43 | 000,000,647 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/01/13 17:47:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2003/01/13 17:37:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2003/01/13 17:34:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/01/13 17:23:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2003/01/13 17:16:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2003/01/13 16:38:59 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/07/17 18:45:48 | 000,004,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPIOMngr.sys
[2001/10/01 00:36:50 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/10/01 00:27:02 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/09/30 21:09:04 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/09/06 15:35:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/09/30 17:20:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2001/09/30 17:20:11 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2001/09/30 17:20:11 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/29 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\CBTNDIS5.sys
[2002/08/29 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/29 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/29 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/29 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/08/29 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/29 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/29 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/29 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/29 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/05/17 15:43:02 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/05/17 15:43:07 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/05/17 15:43:04 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/05/17 15:43:09 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/05/17 15:43:06 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2000/10/15 17:38:54 | 000,016,068 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 06:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2001/10/01 00:32:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/10/16 10:15:20 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2010/07/14 06:32:25 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2001/10/01 00:32:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/11 22:24:28 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/03/28 22:06:42 | 000,000,135 | ---- | M] () -- C:\error.log
[2008/11/11 10:08:38 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2008/11/11 10:08:38 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/08/24 07:59:30 | 518,508,544 | -HS- | M] () -- C:\hiberfil.sys
[2001/10/01 00:32:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/24 20:39:40 | 000,006,024 | ---- | M] () -- C:\JavaRa.log
[2001/10/01 00:32:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/12/26 16:47:32 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/08 20:09:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/24 07:59:28 | 780,140,544 | -HS- | M] () -- C:\pagefile.sys
[2006/12/26 19:30:31 | 000,000,280 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/12/24 15:57:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2006/12/26 19:30:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/12/24 15:57:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/09 17:42:47 | 000,031,864 | ---- | M] (Symantec Corporation) -- C:\symlcsv1.exe
[2010/06/05 22:50:17 | 000,001,612 | ---- | M] () -- C:\Sysinternals Antivirus.lnk
[2004/01/28 21:45:17 | 000,000,003 | ---- | M] () -- C:\TCPCheckResult.txt

< %PROGRAMFILES%\*. >
[2004/04/01 21:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\3DGroove
[2010/08/24 20:59:03 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2003/01/15 10:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 8.0
[2003/01/15 11:58:33 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 8.0a
[2003/01/15 11:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2003/01/13 17:11:57 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2009/12/17 08:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2003/01/13 18:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2007/09/03 19:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Barbie(TM)
[2007/01/13 19:25:27 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2009/12/17 08:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/09/16 22:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/08/24 20:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2001/10/01 00:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/04 21:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Data Protection
[2003/01/23 14:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\DataLode
[2003/01/27 18:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\Drag'n Drop CD+DVD
[2007/11/25 16:12:38 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2007/09/16 22:40:22 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2010/03/14 12:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2003/11/27 23:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\HM Lesson Planner
[2010/07/14 06:58:34 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/03/28 22:07:24 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/01/13 16:29:14 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2008/07/19 08:19:06 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/08/22 09:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2003/01/23 14:50:50 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/12/17 08:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/12/18 09:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/24 20:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/02/26 18:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\kidthing
[2008/12/02 20:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2003/01/27 10:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/06/08 20:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2003/09/07 18:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/12 09:52:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2003/09/07 18:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2001/10/01 00:32:51 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/12/14 14:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2003/09/07 18:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2003/09/07 18:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2010/06/03 21:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2003/09/07 18:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets and Trips
[2003/09/07 18:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2003/09/07 18:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2004
[2008/03/21 16:29:16 | 000,000,000 | ---D | M] -- C:\Program Files\Migo Software
[2010/08/22 09:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/05/04 21:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2001/10/01 00:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2001/10/01 00:27:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/12/27 11:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/01/06 15:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2010/06/08 20:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/08/24 20:45:50 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2001/10/01 00:30:27 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/08 21:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/09/16 22:32:26 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2005/03/29 12:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\Playboy - The Mansion
[2007/09/16 22:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2009/12/17 08:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/09/03 21:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Readiris10
[2006/11/19 17:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/19 19:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2007/09/03 20:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2006/09/13 21:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\Shutterfly
[2007/09/03 21:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\SmarThru 4
[2007/07/14 18:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\Stellarium
[2007/11/06 23:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/06/05 22:56:35 | 000,000,000 | ---D | M] -- C:\Program Files\Sysinternals Antivirus
[2003/02/06 11:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2003/01/13 18:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Access Files
[2004/04/14 20:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Trymedia
[2004/07/24 09:51:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2003/01/13 18:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/09/04 13:21:33 | 000,000,000 | ---D | M] -- C:\Program Files\Virtools Web Player 3.0
[2007/01/22 22:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\vLetter
[2007/09/16 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files\War Chess
[2006/10/20 12:54:00 | 000,000,000 | ---D | M] -- C:\Program Files\Whale Communications
[2009/01/07 20:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/06/16 16:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/06/08 20:13:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/06/08 20:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/11 22:58:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2001/10/01 00:32:51 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/12/01 09:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2001/09/30 17:21:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Kristina_2\Application Data\desktop.ini
[2010/06/05 22:15:02 | 000,065,763 | -HS- | M] () -- C:\Documents and Settings\Kristina_2\Application Data\e61f5c10-abd6-4853-9888-a9eeecfe2510_31.avi
[2010/07/20 18:24:45 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Kristina_2\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 05:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:disk.sys
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:usbstor.sys
[2006/12/26 16:39:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2010/06/08 19:42:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2004/08/03 23:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\USBSTOR.SYS
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-22 16:45:55

< >
< End of report >

nyerobi

Newbie Surfer

Posts : 9
Joined : 2010-08-25
Operating System : 98


Re: browser hijacker???

Post by nyerobi on Wed 25 Aug 2010, 4:02 pm

OTL Extras logfile created on: 8/24/2010 9:34:09 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Kristina_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 63.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 7.76 Gb Free Space | 20.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TINA
Current User Name: Kristina_2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Westwood\SUN\GAME.ICD" = C:\Westwood\SUN\GAME.ICD:*:Enabled:Main executable for Tiberian Sun -- (Westwood Studios)
"C:\Westwood\SUN\PATCHGET.DAT" = C:\Westwood\SUN\PATCHGET.DAT:*:Enabled:patchgrabber -- (Westwood Studios)
"C:\Westwood\SUN\Game.exe" = C:\Westwood\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun -- (Westwood Studios)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04410040-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{12408EED-3F86-4DDD-AE7D-78167031DFDF}" = TouchPad On/Off Utility
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14CAA732-DB11-478A-B297-E19F2EF49C90}" = Canon iP6210D Memory Card Utility
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{19054939-DBF1-4ED9-B9EB-EF5EA725908F}" = TOSHIBA Hotkey Utility
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}" = Command & Conquer 3 Tiberium Wars™ Demo
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{46463780-40FD-4929-BDE6-C32BEE15107E}" = TOSHIBA Power Management Utility
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4C643986-DE3C-4737-8472-CCEC36CCC267}" = Studio Content CD
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"3DGroove" = 3D Groove Playback Engine
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"AT&T Connection Services Software" = AT&T Connection Services Manager
"Barbie(TM) as The Princess and the Pauper" = Barbie(TM) as The Princess and the Pauper
"Bicycle Board Games 1.0" = Bicycle Board Games
"CANONBJ_Deinstall_CNMCP38.DLL" = Canon S300
"CANONBJ_Deinstall_CNMCP7B.DLL" = Canon iP6210D
"Data Protection" = Data Protection
"Easy-WebPrint" = Easy-WebPrint
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{12408EED-3F86-4DDD-AE7D-78167031DFDF}" = TouchPad On/Off Utility
"InstallShield_{19054939-DBF1-4ED9-B9EB-EF5EA725908F}" = TOSHIBA Hotkey Utility
"InstallShield_{46463780-40FD-4929-BDE6-C32BEE15107E}" = TOSHIBA Power Management Utility
"InterActual Player" = InterActual Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Registry Repair 55" = Migo Registry Repair 5
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"SFlyStudio" = Shutterfly Studio
"Shockwave" = Shockwave
"SmarThru PC Fax" = SmarThru PC Fax
"Stellaluna" = Stellaluna
"Stellarium_is1" = Stellarium v0.6.1
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Toshiba Access" = Toshiba Access
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Software Upgrades" = TOSHIBA Software Upgrades
"TOSHIBA System Stability Program" = TOSHIBA System Stability Program
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.1.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2010 8:51:24 PM | Computer Name = TINA | Source = Google Update | ID = 20
Description =

Error - 7/25/2010 8:54:47 PM | Computer Name = TINA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/25/2010 8:54:48 PM | Computer Name = TINA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/25/2010 8:55:03 PM | Computer Name = TINA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 7/25/2010 9:02:03 PM | Computer Name = TINA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/25/2010 9:02:03 PM | Computer Name = TINA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/5/2010 12:55:52 AM | Computer Name = TINA | Source = Application Error | ID = 1000
Description = Faulting application ndstray.exe, version 4.0.2.314, faulting module
unknown, version 0.0.0.0, fault address 0x00b75ce4.

Error - 8/5/2010 12:56:23 AM | Computer Name = TINA | Source = Application Error | ID = 1001
Description = Fault bucket 1982852105.

Error - 8/20/2010 1:30:27 AM | Computer Name = TINA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 8/20/2010 1:46:38 AM | Computer Name = TINA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 8/22/2010 2:05:32 PM | Computer Name = TINA | Source = Service Control Manager | ID = 7000
Description = The NICSer_WPC54G service failed to start due to the following error:
%%2

Error - 8/22/2010 2:05:32 PM | Computer Name = TINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/22/2010 9:56:00 PM | Computer Name = TINA | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 8/22/2010 9:56:00 PM | Computer Name = TINA | Source = Service Control Manager | ID = 7000
Description = The NICSer_WPC54G service failed to start due to the following error:
%%2

Error - 8/22/2010 9:56:00 PM | Computer Name = TINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/24/2010 10:18:16 AM | Computer Name = TINA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 8/24/2010 10:18:17 AM | Computer Name = TINA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 8/24/2010 10:18:17 AM | Computer Name = TINA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 8/24/2010 11:01:05 AM | Computer Name = TINA | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 8/24/2010 11:01:05 AM | Computer Name = TINA | Source = Service Control Manager | ID = 7000
Description = The NICSer_WPC54G service failed to start due to the following error:
%%2


< End of report >

nyerobi

Newbie Surfer

Posts : 9
Joined : 2010-08-25
Operating System : 98


Re: browser hijacker???

Post by DragonMaster Jay on Wed 25 Aug 2010, 8:41 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: browser hijacker???

Post by nyerobi on Thu 26 Aug 2010, 3:43 pm

ComboFix 10-08-24.0C - Kristina_2 08/25/2010 20:56:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.311 [GMT -7:00]
Running from: c:\documents and settings\Kristina_2\desktop\combo-fix.exe
Command switches used :: /killall
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\confin.sys
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Kristina_2\Application Data\e61f5c10-abd6-4853-9888-a9eeecfe2510_31.avi
c:\documents and settings\Kristina_2\Application Data\SystemProc
c:\documents and settings\Kristina_2\Desktop\Sysinternals Antivirus.lnk
c:\documents and settings\Kristina_2\Start Menu\Programs\Sysinternals Antivirus
c:\documents and settings\Kristina_2\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
c:\documents and settings\Patrick\Application Data\SystemProc
c:\program files\Data Protection
c:\program files\Data Protection\about.ico
c:\program files\Data Protection\activate.ico
c:\program files\Data Protection\buy.ico
c:\program files\Data Protection\dat.db
c:\program files\Data Protection\help.ico
c:\program files\Data Protection\scan.ico
c:\program files\Data Protection\settings.ico
c:\program files\Data Protection\splash.mp3
c:\program files\Data Protection\update.ico
c:\program files\Data Protection\virus.mp3
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\program files\nuar.old
c:\program files\skynet.dat
c:\program files\Sysinternals Antivirus
c:\program files\wp3.dat
c:\program files\wp4.dat
C:\Sysinternals Antivirus.lnk
c:\windows\PRAGMAccxnoisvmk
c:\windows\PRAGMAccxnoisvmk\PRAGMAcfg.ini
c:\windows\PRAGMAccxnoisvmk\PRAGMAsrcr.dat
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADBUPD


((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 04:12 . 2010-08-26 04:12 65616 ----a-w- c:\documents and settings\Kristina_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-25 03:48 . 2010-08-25 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 03:34 . 2010-08-25 03:34 -------- d-----w- c:\program files\Common Files\Java
2010-08-25 03:33 . 2010-08-25 03:32 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 03:32 . 2010-08-25 03:32 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 04:01 . 2003-01-14 01:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-25 03:48 . 2010-08-25 03:48 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-25 03:34 . 2010-08-25 03:34 503808 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-608b426f-n\msvcp71.dll
2010-08-25 03:34 . 2010-08-25 03:34 499712 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-608b426f-n\jmc.dll
2010-08-25 03:34 . 2010-08-25 03:34 348160 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-608b426f-n\msvcr71.dll
2010-08-25 03:34 . 2010-08-25 03:34 12800 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d6466c9-n\decora-d3d.dll
2010-08-25 03:34 . 2010-08-25 03:34 61440 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d6466c9-n\decora-sse.dll
2010-08-24 14:52 . 2010-06-05 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-24 14:22 . 2010-06-05 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-21 23:26 . 2010-08-21 23:23 26641904 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-21 23:22 . 2010-08-21 23:22 220272 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-21 23:21 . 2010-08-21 23:21 149000 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-21 23:21 . 2010-08-21 23:20 13407072 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-21 23:18 . 2010-08-21 23:18 79368 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-21 23:18 . 2010-08-21 23:18 73344 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-21 23:18 . 2010-08-21 23:18 52288 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-21 23:18 . 2010-08-21 23:18 64000 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-21 23:18 . 2010-08-21 23:18 122880 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-20 05:30 . 2010-08-20 05:30 452104 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\setup.exe
2010-07-21 01:24 . 2010-05-23 00:13 924 ----a-w- c:\documents and settings\Kristina_2\Application Data\wklnhst.dat
2010-07-15 01:26 . 2010-07-14 13:58 -------- d-----w- c:\documents and settings\Patrick\Application Data\HpUpdate
2010-07-14 13:58 . 2006-06-14 04:16 -------- d-----w- c:\program files\HP
2010-06-30 12:31 . 2001-10-01 04:08 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2001-10-01 04:08 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-10-01 04:08 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-10-01 04:08 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2001-10-01 07:29 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 16:16 . 2010-06-12 17:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 03:31 . 2001-10-01 07:31 77607 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-12-13 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-12-13 114688]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-03-30 122880]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2003-01-16 102400]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2003-01-14 561152]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2002-11-25 172032]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2003-01-23 45056]
"NDSTray.exe"="c:\progra~1\Toshiba\CONFIG~1\NDSTray.exe" [2003-01-18 458752]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 159744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"PDUiP6210DMon"="c:\program files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe" [2005-05-07 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-14 185896]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Drag'n Drop CD+DVD"="c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-01-09 991232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
path=
backup=
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Westwood\\SUN\\GAME.ICD"=
"c:\\Westwood\\SUN\\PATCHGET.DAT"=
"c:\\Westwood\\SUN\\Game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/4/2007 10:55 PM 112688]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 1:58 PM 135664]
S3 wlags48b;Wireless LAN PCCard Driver;c:\windows\system32\drivers\wlags48b.sys [1/13/2003 5:06 PM 156672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 20:57]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: {{AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\nge-libremp3-uk\index.html
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-e61f5c10-abd6-4853-9888-a9eeecfe2510_31 - c:\documents and settings\Kristina_2\Application Data\e61f5c10-abd6-4853-9888-a9eeecfe2510_31.avi
HKLM-Run-LexStart - (no file)
HKLM-Run-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
HKLM-Run-LogitechCommunicationsManager - c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
AddRemove-Data Protection - c:\program files\Data Protection\Pklkvqdii+`}`



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-25 21:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\wanmpsvc.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-08-25 21:23:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 04:23

Pre-Run: 8,362,414,080 bytes free
Post-Run: 8,660,324,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 8815808E940FDA0D84A47AEA03F0A276

nyerobi

Newbie Surfer

Posts : 9
Joined : 2010-08-25
Operating System : 98

Re: browser hijacker???

Post by DragonMaster Jay on Fri 27 Aug 2010, 7:04 am

There is a dangerous backdoor rootkit on your system. This is a sign of total system compromise.
Rootkits and backdoor trojans are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

  • What danger is presented by rootkits?
  • Rootkits and how to combat them
  • r00tkit Analysis: What Is A Rootkit
I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer until the computer can be cleaned.
Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

  • How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  • What Should I Do If I've Become A Victim Of Identity Theft?
  • Identity Theft Victims Guide - What to do

Though the backdoor has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

  • When should I re-format? How should I reinstall?
  • Help: I Got Hacked. Now What Do I Do?
  • Help: I Got Hacked. Now What Do I Do? Part II
  • Where to draw the line? When to recommend a format and reinstall?
Guides for format and reinstall: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]
However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: browser hijacker???

Post by nyerobi on Sun 29 Aug 2010, 2:54 am

try to clean please

nyerobi

Newbie Surfer

Posts : 9
Joined : 2010-08-25
Operating System : 98

Re: browser hijacker???

Post by DragonMaster Jay on Sun 29 Aug 2010, 12:33 pm

Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: browser hijacker???

Post by nyerobi on Thu 02 Sep 2010, 2:22 pm

2010/09/01 20:20:40.0031 TDSS rootkit removing tool 2.4.1.4 Aug 31 2010 16:55:25
2010/09/01 20:20:40.0031 ================================================================================
2010/09/01 20:20:40.0031 SystemInfo:
2010/09/01 20:20:40.0031
2010/09/01 20:20:40.0031 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/01 20:20:40.0031 Product type: Workstation
2010/09/01 20:20:40.0031 ComputerName: TINA
2010/09/01 20:20:40.0031 UserName: Kristina_2
2010/09/01 20:20:40.0031 Windows directory: C:\WINDOWS
2010/09/01 20:20:40.0031 System windows directory: C:\WINDOWS
2010/09/01 20:20:40.0031 Processor architecture: Intel x86
2010/09/01 20:20:40.0031 Number of processors: 1
2010/09/01 20:20:40.0031 Page size: 0x1000
2010/09/01 20:20:40.0031 Boot type: Normal boot
2010/09/01 20:20:40.0031 ================================================================================
2010/09/01 20:20:40.0734 Initialize success
2010/09/01 20:20:45.0281 ================================================================================
2010/09/01 20:20:45.0281 Scan started
2010/09/01 20:20:45.0281 Mode: Manual;
2010/09/01 20:20:45.0281 ================================================================================
2010/09/01 20:21:42.0359 ================================================================================
2010/09/01 20:21:42.0359 Scan finished
2010/09/01 20:21:42.0359 ================================================================================

nyerobi

Newbie Surfer

Posts : 9
Joined : 2010-08-25
Operating System : 98

Re: browser hijacker???

Post by DragonMaster Jay on Sat 04 Sep 2010, 3:25 pm

Did it mention it removed anything?


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: browser hijacker???

Post by nyerobi on Sun 05 Sep 2010, 9:00 am

nothing removed

nyerobi

Newbie Surfer

Posts : 9
Joined : 2010-08-25
Operating System : 98

Re: browser hijacker???

Post by DragonMaster Jay on Mon 06 Sep 2010, 7:42 am

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy/paste the following command into the Run box and click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Post by nyerobi on Wed 08 Sep 2010, 3:32 pm

ComboFix 10-09-07.01 - Kristina_2 09/07/2010 20:40:34.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.269 [GMT -7:00]
Running from: c:\documents and settings\Kristina_2\desktop\combo-fix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Protection.lnk
c:\documents and settings\Kristina\Application Data\SystemProc
c:\documents and settings\Kristina\Desktop\nudetube.com.lnk
c:\documents and settings\Kristina\Desktop\pornotube.com.lnk
c:\documents and settings\Kristina\Desktop\spam001.exe
c:\documents and settings\Kristina\Desktop\spam003.exe
c:\documents and settings\Kristina\Desktop\troj000.exe
c:\documents and settings\Kristina\Desktop\youporn.com.lnk

.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-08-26 04:12 . 2010-08-26 04:12 65616 ----a-w- c:\documents and settings\Kristina_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-25 03:48 . 2010-08-25 03:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 03:34 . 2010-08-25 03:34 -------- d-----w- c:\program files\Common Files\Java
2010-08-25 03:34 . 2010-08-25 03:34 503808 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-608b426f-n\msvcp71.dll
2010-08-25 03:34 . 2010-08-25 03:34 499712 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-608b426f-n\jmc.dll
2010-08-25 03:34 . 2010-08-25 03:34 348160 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-608b426f-n\msvcr71.dll
2010-08-25 03:34 . 2010-08-25 03:34 12800 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d6466c9-n\decora-d3d.dll
2010-08-25 03:34 . 2010-08-25 03:34 61440 ----a-w- c:\documents and settings\Kristina_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d6466c9-n\decora-sse.dll
2010-08-25 03:33 . 2010-08-25 03:32 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 03:32 . 2010-08-25 03:32 -------- d-----w- c:\program files\Java
2010-08-21 23:23 . 2010-08-21 23:26 26641904 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-08-21 23:22 . 2010-08-21 23:22 220272 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-21 23:21 . 2010-08-21 23:21 149000 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-21 23:20 . 2010-08-21 23:21 13407072 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-21 23:18 . 2010-08-21 23:18 79368 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-08-21 23:18 . 2010-08-21 23:18 73344 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-21 23:18 . 2010-08-21 23:18 52288 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-21 23:18 . 2010-08-21 23:18 64000 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-21 23:18 . 2010-08-21 23:18 122880 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-20 05:30 . 2010-08-20 05:30 452104 ----a-w- c:\documents and settings\Patrick\Application Data\Real\Update\setup3.12\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 16:32 . 2003-01-14 17:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-05 16:29 . 2003-01-14 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-25 04:01 . 2003-01-14 01:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-24 14:52 . 2010-06-05 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-24 14:22 . 2010-06-05 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-21 01:24 . 2010-05-23 00:13 924 ----a-w- c:\documents and settings\Kristina_2\Application Data\wklnhst.dat
2010-07-15 01:26 . 2010-07-14 13:58 -------- d-----w- c:\documents and settings\Patrick\Application Data\HpUpdate
2010-07-14 13:58 . 2006-06-14 04:16 -------- d-----w- c:\program files\HP
2010-06-30 12:31 . 2001-10-01 04:08 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2001-10-01 04:08 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-10-01 04:08 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-10-01 04:08 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2001-10-01 07:29 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 16:16 . 2010-06-12 17:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-12-13 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-12-13 114688]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-03-30 122880]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2003-01-16 102400]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2003-01-14 561152]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2002-11-25 172032]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2003-01-23 45056]
"NDSTray.exe"="c:\progra~1\Toshiba\CONFIG~1\NDSTray.exe" [2003-01-18 458752]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 159744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"PDUiP6210DMon"="c:\program files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe" [2005-05-07 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-14 185896]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 229376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Drag'n Drop CD+DVD"="c:\program files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-01-09 991232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
path=
backup=
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Westwood\\SUN\\GAME.ICD"=
"c:\\Westwood\\SUN\\PATCHGET.DAT"=
"c:\\Westwood\\SUN\\Game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 1:58 PM 135664]
S3 wlags48b;Wireless LAN PCCard Driver;c:\windows\system32\drivers\wlags48b.sys [1/13/2003 5:06 PM 156672]
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 20:57]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: {{AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\nge-libremp3-uk\index.html
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-07 21:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Apoint2K\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-07 21:27:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 04:27
ComboFix2.txt 2010-08-26 04:23

Pre-Run: 9,155,969,024 bytes free
Post-Run: 9,551,314,944 bytes free

- - End Of File - - 98C6172C636D90FA53511FA65F31B246


Post by DragonMaster Jay on Thu 09 Sep 2010, 8:27 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



Post by nyerobi on Sun 12 Sep 2010, 11:32 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7B7F000 \WINDOWS\system32\KDCOM.DLL
0xF7A8F000 \WINDOWS\system32\BOOTVID.dll
0xF7630000 ACPI.sys
0xF7B81000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF761F000 pci.sys
0xF767F000 isapnp.sys
0xF7A93000 compbatt.sys
0xF7A97000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7C47000 pciide.sys
0xF78FF000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7B83000 intelide.sys
0xF7601000 pcmcia.sys
0xF768F000 MountMgr.sys
0xF75E2000 ftdisk.sys
0xF7A9B000 ACPIEC.sys
0xF7C48000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF7907000 PartMgr.sys
0xF769F000 VolSnap.sys
0xF75CA000 atapi.sys
0xF76AF000 disk.sys
0xF76BF000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF75AA000 fltmgr.sys
0xF7598000 sr.sys
0xF790F000 PxHelp20.sys
0xF7581000 KSecDD.sys
0xF74F4000 Ntfs.sys
0xF74C7000 NDIS.sys
0xF76CF000 Combo-Fix.sys
0xF76DF000 ohci1394.sys
0xF76EF000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF74AD000 Mup.sys
0xF788F000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7BA9000 \SystemRoot\System32\Drivers\hkdrv.sys
0xF742D000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF7419000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF79C7000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF73F5000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF79CF000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF789F000 \SystemRoot\System32\DRIVERS\R8139n51.SYS
0xF73CE000 \SystemRoot\System32\DRIVERS\LSBCMNDS.sys
0xF78AF000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF79D7000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF78BF000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF79DF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF73BA000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7B47000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF78CF000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF79E7000 \SystemRoot\system32\drivers\Afc.sys
0xF78DF000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF78EF000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7397000 \SystemRoot\System32\DRIVERS\ks.sys
0xF79EF000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF72B4000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7290000 \SystemRoot\system32\drivers\portcls.sys
0xF771F000 \SystemRoot\system32\drivers\drmk.sys
0xF7175000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF79F7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7D14000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF777F000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7B5B000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF649E000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF778F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF779F000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF79FF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF648D000 \SystemRoot\System32\DRIVERS\psched.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7A07000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7A0F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7A17000 \SystemRoot\System32\DRIVERS\wanatw4.sys
0xF77BF000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7BC1000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6367000 \SystemRoot\System32\DRIVERS\update.sys
0xF7B6B000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF77DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE2D3000 \SystemRoot\system32\drivers\ialmkchw.sys
0xEE2B8000 \SystemRoot\system32\drivers\ialmsbw.sys
0xF77FF000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7BC5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7BC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D94000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BCB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A37000 \SystemRoot\System32\drivers\vga.sys
0xF7BCD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BCF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A3F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A47000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF63E9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEE235000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEE1DC000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEE1B4000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEE192000 \SystemRoot\System32\drivers\afd.sys
0xF780F000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7DAA000 \SystemRoot\System32\Drivers\TPIoMngr.sys
0xF7BD1000 \SystemRoot\System32\Drivers\SSIoMngr.sys
0xF7BD3000 \SystemRoot\System32\Drivers\EPIoMngr.sys
0xF7BD5000 \SystemRoot\System32\Drivers\EKIoMngr.sys
0xEE167000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEE0F7000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF782F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF783F000 \SystemRoot\system32\drivers\wA301a.sys
0xEE0D1000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF784F000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7A4F000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF63D9000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF785F000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF7A57000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF63D5000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF770F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE019000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BDD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE2A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7A7F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CCD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF040000 \SystemRoot\System32\ialmdev5.DLL
0xBF06F000 \SystemRoot\System32\ialmdd5.DLL
0xEDF1D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEDD44000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7C33000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEDE51000 \SystemRoot\System32\Drivers\DgiVecp.sys
0xEDDC1000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xEDB0D000 \SystemRoot\System32\DRIVERS\srv.sys
0xED800000 \SystemRoot\system32\drivers\wdmaud.sys
0xEDB9C000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A67000 \??\C:\DOCUME~1\KRISTI~1\LOCALS~1\Temp\mbr.sys
0xED4C1000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7A1F000 \??\C:\Combo-Fix\catchme.sys
0xF7BF1000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF7C13000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xECFA4000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
612 C:\WINDOWS\system32\smss.exe
660 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
888 C:\WINDOWS\system32\svchost.exe
948 svchost.exe
984 C:\WINDOWS\system32\svchost.exe
1048 svchost.exe
1148 svchost.exe
1444 C:\WINDOWS\system32\spoolsv.exe
1524 svchost.exe
1556 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1568 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1580 C:\Program Files\Bonjour\mDNSResponder.exe
1656 C:\Program Files\Java\jre6\bin\jqs.exe
1788 C:\WINDOWS\system32\svchost.exe
1924 C:\WINDOWS\wanmpsvc.exe
1144 alg.exe
140 C:\WINDOWS\system32\igfxtray.exe
1648 C:\WINDOWS\system32\hkcmd.exe
1972 C:\Program Files\Apoint2K\Apoint.exe
472 C:\Program Files\Toshiba\Power Management\CePMTray.exe
1324 C:\Program Files\Toshiba\E-KEY\CeEKey.exe
296 C:\Program Files\ltmoh\ltmoh.exe
400 C:\PROGRA~1\Toshiba\CONFIG~1\NDSTray.exe
1100 C:\Program Files\QuickTime\QTTask.exe
1344 C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe
112 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
560 C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
252 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2160 C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
2196 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
2244 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2400 C:\Program Files\Apoint2K\ApntEx.exe
3784 C:\Program Files\iPod\bin\iPodService.exe
3800 C:\WINDOWS\explorer.exe
3768 C:\WINDOWS\system32\ctfmon.exe
2488 C:\WINDOWS\system32\svchost.exe
3084 C:\TOSHIBA\ivp\ISM\Ivpsvmgr.exe
3376 C:\WINDOWS\system32\wuauclt.exe
520 C:\Program Files\Internet Explorer\iexplore.exe
3632 C:\Documents and Settings\Kristina_2\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4018GAS, Rev: Q1.03 E

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!


Post by DragonMaster Jay on Mon 13 Sep 2010, 3:39 pm

Does the browser hijacker persist?



Post by nyerobi on Tue 14 Sep 2010, 2:37 pm

I have seen no evidence of it. Do you think I'm clean????


Post by DragonMaster Jay on Thu 16 Sep 2010, 1:52 pm

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again; the program will close and you are done.


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

