Trojan.Agent, Hijack.Shell, & Hijack.SearchPage


Post by Agustina on 10th October 2010, 3:30 am

Hello! After McAfee performed some updates this morning, my dad's computer stopped connecting to the internet properly under his user account. Firefox said the proxy settings weren't allowing a connection, yet certain webpages, such as Bank of America and Gmail, did open up. The internet worked fine under the Guest user account. Also, McAfee refused to turn on Real Scanning and kept saying the computer was at risk. We uninstalled and reinstalled McAfee and this seemed to solve that problem (McAfee seems to be running properly now). We uninstalled and reinstalled Firefox as well.

After researching and fiddling all day with the proxy settings, we managed to get the internet working again under his user account. However, I also ran Malwarebytes on his computer and it found 2 Trojan.Agent things, 1 Hijack.Shell, and 1 Hijack.SearchPage thing, which were then quarantined and removed. This is my reason for posting. I want to make sure that whatever was harming the computer is really gone. I updated his computer's Java and Adobe Reader, and performed all the necessary Windows updates. I have posted the OTL log below.

Thank you for your time and any help you can provide!

P.S.: I changed the computer's name in the OTL log so I'd be allowed to post it here. I hope that doesn't change anything.

---------------------------------------------

OTL logfile created on: 10/9/2010 10:42:39 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Wilfredo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 11.01 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.06 Gb Free Space | 30.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GATEWAY
Current User Name: Wilfredo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/09 21:53:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.com
PRC - [2010/09/10 21:59:12 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/09/14 21:40:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
PRC - [2004/05/26 20:57:24 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwicon2k.exe
PRC - [2004/03/26 15:20:28 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 21:53:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.com
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/03/26 15:20:22 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/09/14 21:40:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/09/20 17:10:43 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/07 19:16:45 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/07 19:16:45 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/11 22:46:00 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/24 13:16:44 | 000,029,856 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMCfilt.sys -- (EMCFILT)
DRV - [2004/03/26 15:15:40 | 000,180,000 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/09/26 08:26:54 | 000,272,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2003/09/26 08:25:06 | 000,291,712 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/06/30 11:11:52 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/05/01 06:42:08 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/01 06:40:56 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/05/01 06:38:56 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/01 06:37:46 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.3.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {d84a846d-f7cb-4187-a408-b171020e8940}:1.2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.76
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.85
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/09 21:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/09 20:20:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 20:58:32 | 000,000,000 | ---D | M]

[2010/03/25 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Extensions
[2010/03/25 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/09 21:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions
[2010/09/26 14:57:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/31 13:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/26 14:57:35 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2010/04/29 18:23:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/12 10:07:53 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2010/10/06 19:08:58 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/07/05 17:27:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/26 14:57:42 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2010/10/09 20:43:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/25 20:39:52 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/01/19 22:10:23 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/08/15 16:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2008/10/12 14:18:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/08/18 19:19:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/03 20:50:16 | 000,000,000 | ---D | M] (Navigational Sounds) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
[2010/10/02 09:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010/03/06 17:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\firefox@tvunetworks.com
[2010/09/26 14:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\foxyproxy@eric.h.jung
[2010/09/22 19:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\info@priceblink.com
[2009/03/08 01:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\moveplayer@movenetworks.com
[2010/02/25 20:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\noia2_option@kk.noia
[2010/09/12 15:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\personas@christopher.beard
[2010/03/07 18:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\radiobar@toolbar
[2009/12/12 10:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2009/12/12 10:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2008/08/17 18:27:18 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\searchplugins\ask.xml
[2009/05/27 19:21:17 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\searchplugins\mywebsearch.xml
[2010/10/09 21:49:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/09 20:58:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/10/09 20:57:52 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/09 17:09:28 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101009193807.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.85.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PVR Agent] C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{14ce674e-bf0f-11dd-ba60-0003252284d6}\Shell - "" = AutoRun
O33 - MountPoints2\{14ce674e-bf0f-11dd-ba60-0003252284d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14ce674e-bf0f-11dd-ba60-0003252284d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MpfService - Service

Agustina
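One check worth running on the log above before declaring the machine clean, added here as an example that is not part of the original post and is not OTL or Malwarebytes code: a small Python script that reads the O20, O32, O33, O35 and O37 lines of an OTL log and flags values that differ from what Windows XP sets by default. A Hijack.Shell detection corresponds to the Winlogon Shell value (O20), which should be nothing but Explorer.exe resolving to C:\WINDOWS\explorer.exe; the exefile and comfile open commands (O35/O37) should be exactly "%1" %*, since anything else runs before every program launched; MountPoints2 AutoRun handlers (O33) and CD-ROM AutoRun (O32) are reported as informational. The sample input reuses the relevant lines from the posted log plus two constructed hijacked lines whose file names are hypothetical. The script assumes the system root is C:\WINDOWS, as in the posted log.

```python
"""Flag non-default Winlogon Shell, exe/com associations and AutoRun handlers in OTL log lines.

Added example for the thread above; not OTL or Malwarebytes code. Assumes the Windows XP
system root is the default one shown in the posted log.
"""
import re

EXPECTED_SHELL = "explorer.exe"                    # the only value XP itself sets in HKLM Winlogon\Shell
EXPECTED_SHELL_PATH = r"c:\windows\explorer.exe"   # assumption: %SystemRoot% is C:\WINDOWS
EXPECTED_OPEN_CMD = '"%1" %*'                      # default exefile / comfile shell\open\command
EXPECTED_FILE_TYPES = {"exe": "exefile", "com": "comfile"}

# O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
RE_O20 = re.compile(r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
# O32 - HKLM CDRom: AutoRun - 1
RE_O32 = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<flag>\d+)$")
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
RE_O33 = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
# O35 - HKLM\..exefile [open] -- "%1" %*
RE_O35 = re.compile(r"^O35 - HKLM\\\.\.(?P<ftype>\w+) \[open\] -- (?P<cmd>.*)$")
# O37 - HKLM\...exe [@ = exefile] -- "%1" %*
RE_O37 = re.compile(r"^O37 - HKLM\\\.\.\.(?P<ext>\w+) \[@ = (?P<ftype>\w+)\] -- (?P<cmd>.*)$")


def check_otl_lines(lines):
    """Return (severity, message, line) tuples; an empty list means nothing unusual was seen."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RE_O20.match(line):
            value, rest = m["value"].strip(), m["rest"].lower()
            if value.lower() != EXPECTED_SHELL:
                # Extra entries here are launched by Winlogon at every logon, before the desktop.
                findings.append(("high", f"{m['hive']} Winlogon Shell is '{value}' instead of Explorer.exe", line))
            elif EXPECTED_SHELL_PATH not in rest:
                findings.append(("high", f"{m['hive']} Winlogon Shell does not resolve to {EXPECTED_SHELL_PATH}", line))
            elif m["hive"] == "HKCU":
                findings.append(("info", "per-user Winlogon Shell value is present; XP does not set one by default", line))
        elif m := RE_O32.match(line):
            if m["flag"] != "0":
                findings.append(("info", "CD-ROM AutoRun is enabled", line))
        elif m := RE_O33.match(line):
            findings.append(("info", f"removable-media AutoRun handler {m['guid']} runs: {m['cmd']}", line))
        elif m := RE_O35.match(line):
            if m["cmd"].strip() != EXPECTED_OPEN_CMD:
                # A wrapper here is executed every time any .exe/.com is started.
                findings.append(("high", f"{m['ftype']} open command is {m['cmd']!r} instead of {EXPECTED_OPEN_CMD}", line))
        elif m := RE_O37.match(line):
            want = EXPECTED_FILE_TYPES.get(m["ext"].lower())
            if want and m["ftype"].lower() != want:
                findings.append(("high", f".{m['ext']} is mapped to '{m['ftype']}' instead of {want}", line))
            elif m["cmd"].strip() != EXPECTED_OPEN_CMD:
                findings.append(("high", f".{m['ext']} open command is {m['cmd']!r} instead of {EXPECTED_OPEN_CMD}", line))
    return findings


def high_findings(lines):
    """Only the findings that indicate a hijacked value."""
    return [f for f in check_otl_lines(lines) if f[0] == "high"]


# Sample input: the relevant lines from the OTL log posted above (these are the XP defaults).
LOG_FROM_POST = [
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"O32 - HKLM CDRom: AutoRun - 1",
    r'O33 - MountPoints2\{14ce674e-bf0f-11dd-ba60-0003252284d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found',
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = comfile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
]

# Constructed hijacked variants (hypothetical file names) showing what a Hijack.Shell-style
# Winlogon Shell entry and a wrapped exefile association look like in OTL output.
HIJACKED = [
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe, C:\WINDOWS\system32\hypothetical_dropper.exe) - File not found",
    r'O35 - HKLM\..exefile [open] -- "C:\WINDOWS\system32\hypothetical_hijacker.exe" "%1" %*',
]

if __name__ == "__main__":
    for severity, message, line in check_otl_lines(LOG_FROM_POST + HIJACKED):
        print(f"[{severity}] {message}\n    {line}")
```

Run against the posted lines the script reports only three informational items (the per-user Shell value, CD-ROM AutoRun being on, and the stale LaunchU3.exe handler for a removable drive that is no longer present) and no hijacked value, which is consistent with Malwarebytes having already restored the Shell entry; the two constructed lines each produce a high-severity finding.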

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 10th October 2010, 3:31 am


ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/09 21:10:33 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.com
[2010/10/09 20:58:32 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/09 20:58:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/09 20:58:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/09 20:58:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/09 20:58:32 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/09 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Local Settings\Application Data\Help
[2010/10/09 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\Help
[2010/10/09 19:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/10/09 19:43:43 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/10/09 19:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/10/09 19:38:04 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/10/09 19:37:25 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/10/09 19:37:24 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/10/09 19:37:24 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/09 19:37:23 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/10/09 19:37:23 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/10/09 19:37:22 | 000,152,992 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/10/09 19:37:21 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/10/09 19:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/10/09 19:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/10/09 19:05:32 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/10/09 14:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\MSNInstaller
[2010/10/09 13:53:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/10/03 14:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Desktop\ToDoOutlookSync
[2010/10/03 12:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Desktop\Macy's American Express
[2010/10/02 15:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/02 15:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/02 15:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\My Documents\4Easysoft Studio
[2010/10/02 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\4Easysoft Studio
[2010/10/02 15:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/26 15:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\FireShot
[2010/09/19 18:57:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/09/19 18:57:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/09/12 20:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\FixCleaner
[2010/09/12 19:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2010/09/12 19:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2010/09/12 19:42:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wilfredo\IECompatCache
[2010/09/12 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Local Settings\Application Data\Blockbuster
[2010/09/12 18:01:12 | 001,821,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vcredist_x86.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/09 22:28:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/09 21:53:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.com
[2010/10/09 21:41:57 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/09 21:41:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2326568991-238852156-3936288368-1007.job
[2010/10/09 21:41:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/09 21:41:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/09 21:41:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 21:41:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/09 21:41:27 | 502,714,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 21:39:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wilfredo\ntuser.ini
[2010/10/09 21:38:59 | 004,354,048 | ---- | M] () -- C:\Documents and Settings\Wilfredo\ntuser.dat
[2010/10/09 21:36:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/09 21:27:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/09 20:57:51 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/09 20:57:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/09 20:57:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/09 20:57:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/09 20:57:51 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/09 20:28:43 | 000,000,803 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/09 20:20:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/09 20:20:17 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/09 20:08:03 | 000,057,091 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\bookmarks-2010-10-09.json
[2010/10/09 17:14:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/09 17:00:07 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\Shortcut to SearsPayment2010.lnk
[2010/10/09 13:21:24 | 000,012,771 | ---- | M] () -- C:\WINDOWS\System32\4Easysoft iPhone 4G Manager.seed
[2010/10/09 10:34:36 | 000,501,514 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/09 10:34:36 | 000,441,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/09 10:34:36 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 21:44:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/04 18:05:55 | 000,000,102 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\AOL Radio.URL
[2010/10/03 14:04:41 | 010,156,885 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\ToDoOutlookSync.zip
[2010/10/03 03:30:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegFixPro Scheduled Scan.job
[2010/09/18 17:33:48 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\NetflixOrderFinal.htm
[2010/09/12 18:00:26 | 000,230,176 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\BLOCKBUSTERMovielinkInstall.exe
[2010/09/11 22:24:27 | 000,002,213 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\iPhone Configuration Utility.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 20:20:17 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/09 20:20:17 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/09 20:08:02 | 000,057,091 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\bookmarks-2010-10-09.json
[2010/10/09 19:45:36 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/09 17:14:48 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/09 17:00:07 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\Shortcut to SearsPayment2010.lnk
[2010/10/06 19:26:29 | 004,354,048 | ---- | C] () -- C:\Documents and Settings\Wilfredo\ntuser.dat
[2010/10/04 18:05:55 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\AOL Radio.URL
[2010/10/03 14:02:44 | 010,156,885 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\ToDoOutlookSync.zip
[2010/10/02 15:45:20 | 000,012,771 | ---- | C] () -- C:\WINDOWS\System32\4Easysoft iPhone 4G Manager.seed
[2010/09/18 17:33:43 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\NetflixOrderFinal.htm
[2010/09/12 18:00:24 | 000,230,176 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\BLOCKBUSTERMovielinkInstall.exe
[2010/09/06 11:52:39 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2010/09/06 11:52:39 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2010/08/29 19:22:15 | 000,162,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/05 14:33:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/09 22:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/13 20:36:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Application Data\wklnhst.dat
[2008/10/15 18:49:03 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2008/10/15 18:49:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/10/15 18:48:50 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/10/15 18:47:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2008/09/28 15:07:54 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/20 21:02:39 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Local Settings\Application Data\fusioncache.dat
[2008/09/14 21:40:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/09/14 18:28:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/03/27 03:10:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 12:53:24 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 12:53:24 | 000,000,455 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/05/15 11:13:20 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\SipCal.dll
[1999/09/17 19:12:54 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\Seqcal.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:52 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/13 20:11:52 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/23 06:02:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/23 06:02:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/23 06:02:03 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 15:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 15:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 15:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 15:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 15:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 15:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 15:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 15:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 15:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 15:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 15:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 15:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 15:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 15:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 15:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[1999/09/17 19:12:54 | 000,044,344 | ---- | M] () -- C:\WINDOWS\system32\Seqcal.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2005/03/23 14:13:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/13 21:01:00 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/03/23 14:13:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/09 21:41:27 | 502,714,368 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/03/23 14:13:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/14 21:32:34 | 000,000,858 | -H-- | M] () -- C:\IPH.PH
[2010/10/09 21:01:01 | 000,008,195 | ---- | M] () -- C:\JavaRa.log
[2010/05/10 21:13:20 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/08/09 11:29:59 | 000,002,303 | ---- | M] () -- C:\mpw_paymentaugust_confirm_thankyou093.asp
[2009/08/09 11:25:12 | 000,002,303 | ---- | M] () -- C:\mpw_payment_confirm_thankyou093.asp.htm
[2005/03/23 14:13:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/14 21:41:34 | 000,000,160 | ---- | M] () -- C:\napster.log
[2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/17 18:33:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/09 21:41:25 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys
[2008/09/14 21:44:15 | 000,000,090 | ---- | M] () -- C:\setup.log
[2008/09/14 21:40:29 | 000,000,191 | ---- | M] () -- C:\touchpad.log
[2008/09/14 21:29:21 | 000,000,002 | RHS- | M] () -- C:\USER
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2010/10/02 15:23:02 | 000,000,000 | ---D | M] -- C:\Program Files\4Easysoft Studio
[2009/04/26 16:46:38 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/21 20:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/03/07 17:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\Audible
[2010/07/05 17:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2009/03/08 00:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2010/10/02 15:16:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/01 17:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/06/05 19:52:14 | 000,000,000 | ---D | M] -- C:\Program Files\ColorByNumbers
[2010/10/09 19:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/09/14 21:27:41 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/08/29 19:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2010/08/29 19:18:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2008/09/14 21:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/05/16 14:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/09/14 21:41:57 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2010/09/12 19:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Installers
[2008/09/20 17:10:29 | 000,000,000 | ---D | M] -- C:\Program Files\dvd43
[2010/09/12 20:33:35 | 000,000,000 | ---D | M] -- C:\Program Files\FixCleaner
[2009/05/17 01:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2009/05/16 14:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2008/09/14 21:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway
[2010/10/05 18:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/30 17:02:13 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/09/14 21:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/09 17:54:46 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/09/14 21:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2010/10/02 15:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/02 22:01:01 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/10/02 15:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/07 19:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\IZArc
[2010/10/09 21:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/09/14 21:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/05/10 21:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/09 19:44:56 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/10/09 19:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Online Backup
[2010/10/09 19:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/10/09 19:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\McAfeeMOBK
[2008/09/17 18:48:14 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/09/19 17:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/02/09 22:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/03/23 14:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/09/14 21:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2005
[2010/02/09 22:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/09/14 21:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 10
[2010/09/06 11:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/09/14 21:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/13 01:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/09 20:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/15 00:46:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/09 14:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/09/14 21:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2005/03/23 14:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/11/24 19:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/14 21:41:34 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2008/09/17 18:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/10/15 18:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2008/10/12 14:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2005/03/23 14:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/05 18:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/05/11 19:59:14 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/10/02 15:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/15 00:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/19 02:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/05/02 13:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2009
[2008/09/14 21:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/09/06 11:39:48 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2010/09/06 11:53:01 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel Toolbar
[2010/03/06 17:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2010/10/09 13:53:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/09/14 21:32:22 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/06/14 14:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\VisualTool
[2010/03/21 18:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\vso
[2010/01/03 17:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Wide Angle Software
[2008/10/12 13:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/03/11 20:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/17 18:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/04 09:21:05 | 000,000,000 | ---D | M] -- C:\Program Files\Winter Fun Pack 2004 for Windows XP
[2009/03/08 00:49:47 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2010/10/05 18:42:30 | 000,000,000 | ---D | M] -- C:\Program Files\wLite
[2005/03/23 14:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/10/09 17:54:46 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2005/03/23 06:03:30 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\desktop.ini
[2009/12/13 20:36:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 10:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 15:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/09/17 18:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 15:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 15:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-09 21:59:05
< End of report >

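Two parts of the OTL output in this thread carry the actual evidence: the "< MD5 for: ... >" blocks, which list every copy OTL can find of a few frequently patched system files (agp440.sys, atapi.sys, disk.sys, eventlog.dll, netlogon.dll, scecli.dll, usbstor.sys) with its size and MD5, and the Internet Explorer / Firefox sections of the later log, which show a WinINet ProxyServer of 127.0.0.1:50370 and Firefox network.proxy.type 4 behind the proxy errors described in the first post. The script below is an added example written for this page; it is not part of the thread and not OTL's own code. It parses those two kinds of lines and applies the checks a helper applies by eye: a live system32 copy whose MD5 differs from the ServicePackFiles\i386 copy (the script's own choice of reference; the $NtServicePackUninstall$ and ReinstallBackups copies are older builds and legitimately differ, as agp440.sys in the log shows), and browser proxy settings that route HTTP through a local process or let the network supply a proxy. The sample input is constructed: the agp440 lines and the first two atapi lines are copied from the posted log, the third atapi line is a made-up tampered entry so the check has something to flag, and the proxy lines reproduce the posted values.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in OTL's log format.  The agp440 block and the first two atapi
# lines are copied from the log posted in this thread; the third atapi line is a
# CONSTRUCTED tampered entry (same size, different MD5 in the live system32\drivers
# copy) so the hash check has something to flag.  Proxy lines are the posted values.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 10:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\atapi.sys

========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - prefs.js..network.proxy.type: 4
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_RE = re.compile(r"^\[[^|]+\| (?P<size>[\d,]+) \|[^\]]*\] \([^)]*\) "
                    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
IE_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
FF_PROXY_RE = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.type: (?P<type>\d+)$")
FF_PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}
Entry = Tuple[int, str, str]  # (size in bytes, MD5, path)


def parse_md5_sections(log: str) -> Dict[str, List[Entry]]:
    """{file name (lower-case): [(size, MD5, path), ...]} per '< MD5 for: >' block.
    OTL's '.cab file' lines carry no MD5 and are skipped; a blank line ends a block."""
    sections: Dict[str, List[Entry]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name").lower()
            sections.setdefault(current, [])
        elif not line:
            current = None
        elif current is not None:
            m = MD5_RE.match(line)
            if m:
                size = int(m.group("size").replace(",", ""))
                sections[current].append((size, m.group("md5").upper(), m.group("path")))
    return sections


def check_system_file_hashes(sections: Dict[str, List[Entry]]) -> List[Tuple[str, str, str]]:
    """(file, path, MD5) for each live system32 copy whose hash differs from the
    ServicePackFiles/i386 copy.  Convention of this script: ServicePackFiles is the
    pristine reference; $NtServicePackUninstall$ and ReinstallBackups hold older
    builds (same size, legitimately different hash, as agp440.sys shows) and
    dllcache is a cache, so they are neither references nor candidates."""
    findings = []
    for name, entries in sections.items():
        refs = {md5 for _, md5, path in entries if "\\servicepackfiles\\i386\\" in path.lower()}
        if not refs:
            continue  # nothing trustworthy to compare against; not reported
        for _, md5, path in entries:
            low = path.lower()
            live = "\\system32\\" in low and "\\dllcache\\" not in low and "\\reinstallbackups\\" not in low
            if live and md5 not in refs:
                findings.append((name, path, md5))
    return findings


def check_proxy_settings(log: str) -> List[str]:
    """Report proxy settings that hand HTTP to a local process or to the network:
    a WinINet ProxyServer on loopback (reported even with ProxyEnable = 0, since the
    value is still there to be switched back on, and if nothing listens on that port
    every request fails with a proxy error) and Firefox network.proxy.type 1 (manual),
    2 (PAC) or 4 (auto-detect/WPAD, where the LAN may supply a proxy)."""
    findings: List[str] = []
    ie: Dict[str, str] = {}
    for raw in log.splitlines():
        m = IE_RE.match(raw.strip())
        if m:
            ie[m.group("key")] = m.group("value").strip()
        m = FF_PROXY_RE.match(raw.strip())
        if m and int(m.group("type")) in (1, 2, 4):
            t = int(m.group("type"))
            findings.append(f"Firefox network.proxy.type={t} ({FF_PROXY_TYPES[t]}): review")
    # ProxyServer is 'host:port' or 'scheme=host:port;scheme=host:port'.
    for item in ie.get("ProxyServer", "").split(";"):
        hostport = item.split("=", 1)[-1].strip()
        if hostport.split(":")[0] in ("127.0.0.1", "localhost"):
            findings.append(f"IE ProxyServer {hostport} is loopback (ProxyEnable={ie.get('ProxyEnable', '?')})")
    return findings


if __name__ == "__main__":
    for f in check_system_file_hashes(parse_md5_sections(SAMPLE_LOG)):
        print("HASH MISMATCH:", *f)
    for f in check_proxy_settings(SAMPLE_LOG):
        print("PROXY:", f)
```

Run against the real logs in this thread (paste the OTL.txt contents in place of SAMPLE_LOG), the hash check reports nothing, because every live copy matches its ServicePackFiles twin, while the proxy check still reports the loopback ProxyServer and the auto-detect setting; a stale loopback proxy entry is worth clearing even with ProxyEnable at 0.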

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 10th October 2010, 9:15 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 10th October 2010, 11:06 pm

Here is the OTL log. The program didn't seem to generate an Extras.txt log at all... I put the OTL.exe file on my desktop and it did create an OTL.txt file but no Extras.

-----------------------------------

OTL logfile created on: 10/10/2010 5:51:16 PM - Run 3
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Documents and Settings\Wilfredo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 236.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 11.31 Gb Free Space | 15.92% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.06 Gb Free Space | 30.16% Space Free | Partition Type: FAT32

Computer Name: GATEWAY | User Name: Wilfredo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/10 17:48:51 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.exe
PRC - [2010/09/10 21:59:12 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/09/14 21:40:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
PRC - [2004/05/26 20:57:24 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwicon2k.exe
PRC - [2004/03/26 15:20:28 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/10 17:48:51 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.exe
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/03/26 15:20:22 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/09/14 21:40:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/09/20 17:10:43 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/07 19:16:45 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/07 19:16:45 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/11 22:46:00 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/24 13:16:44 | 000,029,856 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMCfilt.sys -- (EMCFILT)
DRV - [2004/03/26 15:15:40 | 000,180,000 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/09/26 08:26:54 | 000,272,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2003/09/26 08:25:06 | 000,291,712 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/06/30 11:11:52 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/05/01 06:42:08 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/01 06:40:56 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/05/01 06:38:56 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/01 06:37:46 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.3.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {d84a846d-f7cb-4187-a408-b171020e8940}:1.2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.76
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.85
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/10 04:54:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/10 17:37:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 20:58:32 | 000,000,000 | ---D | M]

[2010/03/25 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Extensions
[2010/03/25 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/10 11:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions
[2010/09/26 14:57:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/31 13:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/26 14:57:35 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2010/04/29 18:23:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/12 10:07:53 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2010/10/06 19:08:58 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/07/05 17:27:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/26 14:57:42 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2010/10/09 20:43:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/25 20:39:52 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/01/19 22:10:23 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/08/15 16:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2008/10/12 14:18:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/08/18 19:19:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/03 20:50:16 | 000,000,000 | ---D | M] (Navigational Sounds) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
[2010/10/02 09:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010/03/06 17:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\firefox@tvunetworks.com
[2010/09/26 14:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\foxyproxy@eric.h.jung
[2010/09/22 19:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\info@priceblink.com
[2009/03/08 01:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\moveplayer@movenetworks.com
[2010/02/25 20:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\noia2_option@kk.noia
[2010/09/12 15:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\personas@christopher.beard
[2010/03/07 18:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\radiobar@toolbar
[2009/12/12 10:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2009/12/12 10:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2008/08/17 18:27:18 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\searchplugins\ask.xml
[2009/05/27 19:21:17 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\searchplugins\mywebsearch.xml
[2010/10/10 11:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/09 20:58:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/10/09 20:57:52 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/10 10:11:22 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101009193807.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.85.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PVR Agent] C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{14ce674e-bf0f-11dd-ba60-0003252284d6}\Shell - "" = AutoRun
O33 - MountPoints2\{14ce674e-bf0f-11dd-ba60-0003252284d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14ce674e-bf0f-11dd-ba60-0003252284d6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dc68c34b-82c8-11dd-b9fe-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dc68c34b-82c8-11dd-b9fe-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 17:48:36 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.exe
[2010/10/09 20:58:32 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/09 20:58:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/09 20:58:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/09 20:58:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/09 20:58:32 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/09 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Local Settings\Application Data\Help
[2010/10/09 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\Help
[2010/10/09 19:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/10/09 19:43:43 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/10/09 19:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/10/09 19:38:04 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/10/09 19:37:25 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/10/09 19:37:24 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/10/09 19:37:24 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/09 19:37:23 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/10/09 19:37:23 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/10/09 19:37:22 | 000,152,992 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/10/09 19:37:21 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/10/09 19:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/10/09 19:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/10/09 19:05:32 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/10/09 14:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\MSNInstaller
[2010/10/09 13:53:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/10/03 14:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Desktop\ToDoOutlookSync
[2010/10/03 12:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Desktop\Macy's American Express
[2010/10/02 15:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/02 15:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/02 15:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\My Documents\4Easysoft Studio
[2010/10/02 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\4Easysoft Studio
[2010/10/02 15:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/26 15:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\FireShot
[2010/09/19 18:57:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/09/19 18:57:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/09/12 20:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Application Data\FixCleaner
[2010/09/12 19:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2010/09/12 19:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2010/09/12 19:42:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wilfredo\IECompatCache
[2010/09/12 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilfredo\Local Settings\Application Data\Blockbuster
[2010/09/12 18:01:12 | 001,821,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vcredist_x86.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/10 17:48:51 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilfredo\Desktop\OTL.exe
[2010/10/10 17:28:06 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/10 15:27:45 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/10 14:28:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/10 03:30:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegFixPro Scheduled Scan.job
[2010/10/09 21:41:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2326568991-238852156-3936288368-1007.job
[2010/10/09 21:41:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/09 21:41:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 21:41:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/09 21:41:27 | 502,714,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 21:39:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wilfredo\ntuser.ini
[2010/10/09 21:38:59 | 004,354,048 | ---- | M] () -- C:\Documents and Settings\Wilfredo\ntuser.dat
[2010/10/09 21:36:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/09 21:27:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/09 20:57:51 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/09 20:57:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/09 20:57:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/09 20:57:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/09 20:57:51 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/09 20:28:43 | 000,000,803 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/09 20:20:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/09 20:20:17 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/09 20:08:03 | 000,057,091 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\bookmarks-2010-10-09.json
[2010/10/09 17:14:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/09 17:00:07 | 000,000,404 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\Shortcut to SearsPayment2010.lnk
[2010/10/09 13:21:24 | 000,012,771 | ---- | M] () -- C:\WINDOWS\System32\4Easysoft iPhone 4G Manager.seed
[2010/10/09 10:34:36 | 000,501,514 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/09 10:34:36 | 000,441,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/09 10:34:36 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 21:44:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/04 18:05:55 | 000,000,102 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\AOL Radio.URL
[2010/10/03 14:04:41 | 010,156,885 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\ToDoOutlookSync.zip
[2010/09/18 17:33:48 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\NetflixOrderFinal.htm
[2010/09/12 18:00:26 | 000,230,176 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\BLOCKBUSTERMovielinkInstall.exe
[2010/09/11 22:24:27 | 000,002,213 | ---- | M] () -- C:\Documents and Settings\Wilfredo\Desktop\iPhone Configuration Utility.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 20:20:17 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/09 20:20:17 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/09 20:08:02 | 000,057,091 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\bookmarks-2010-10-09.json
[2010/10/09 19:45:36 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/09 17:14:48 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/09 17:00:07 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\Shortcut to SearsPayment2010.lnk
[2010/10/06 19:26:29 | 004,354,048 | ---- | C] () -- C:\Documents and Settings\Wilfredo\ntuser.dat
[2010/10/04 18:05:55 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\AOL Radio.URL
[2010/10/03 14:02:44 | 010,156,885 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\ToDoOutlookSync.zip
[2010/10/02 15:45:20 | 000,012,771 | ---- | C] () -- C:\WINDOWS\System32\4Easysoft iPhone 4G Manager.seed
[2010/09/18 17:33:43 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\NetflixOrderFinal.htm
[2010/09/12 18:00:24 | 000,230,176 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Desktop\BLOCKBUSTERMovielinkInstall.exe
[2010/09/06 11:52:39 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2010/09/06 11:52:39 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2010/08/29 19:22:15 | 000,162,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/05 14:33:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/09 22:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/13 20:36:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Application Data\wklnhst.dat
[2008/10/15 18:49:03 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2008/10/15 18:49:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/10/15 18:48:50 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/10/15 18:47:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2008/09/28 15:07:54 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/20 21:02:39 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Wilfredo\Local Settings\Application Data\fusioncache.dat
[2008/09/14 21:40:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/09/14 18:28:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/03/27 03:10:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 12:53:24 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 12:53:24 | 000,000,455 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/05/15 11:13:20 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\SipCal.dll
[1999/09/17 19:12:54 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\Seqcal.sys

< End of report >


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 10th October 2010, 11:40 pm

Okay, I found an Extras.txt file, but I don't know if it'll be of any help because it's an old one. You see, yesterday I scanned the computer with OTL per the instructions in the "Read this first" post using the binary (I think?) file that downloaded when I clicked the button. At that time, it DID create an Extras.txt file, but then I realized the computer had Limewire installed on it. Since I figured I'd be advised to uninstall this program anyway, I went ahead and uninstalled it, deleted the old logs (OTL.txt and Extras.txt) OTL created, and ran a new OTL scan. This 2nd scan's log is the one I posted in my first post, but this 2nd scan did NOT create an Extras.txt file, for some reason.

Then you said to run an OTL scan and gave me this new link to the OTL.exe file, so I did as you asked and ran a 3rd scan on the computer using this newly downloaded .exe file. This 3rd scan did not create an Extras.txt file either. I found the Extras.txt file for the very FIRST scan (when Limewire was still installed) still in the Recycle Bin and am posting it in case it is still helpful or would have yielded the same results. Nothing else was changed on the computer at all between the 1st scan and the 2nd/3rd scans except for me uninstalling Limewire. Again, this Extras log is from the 1st OTL scan, not from the most recent one I posted (the 3rd scan).

Thank you again for your help, and I apologize if this old log causes any confusion or is completely useless. Thank you!

---------------------------------------------------

OTL Extras logfile created on: 10/9/2010 9:54:43 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Wilfredo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 10.97 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.06 Gb Free Space | 30.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GATEWAY
Current User Name: Wilfredo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\WYZO\WYZO.EXE -requestPending -osint -url "%1" File not found
https [open] -- C:\PROGRA~1\WYZO\WYZO.EXE -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- File not found
"C:\tempLimewire\LimeWire.exe" = C:\tempLimewire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\wLite\wLite.exe" = C:\Program Files\wLite\wLite.exe:*:Disabled:webcamXP -- File not found
"C:\Program Files\wLite\wService.exe" = C:\Program Files\wLite\wService.exe:*:Disabled:webcamXP Service -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Disabled:Opera Internet Browser -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- File not found
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09A8D062-576E-4826-88BA-A89E7A7FD9AA}" = CBN Selector 3
"{11801011-D30E-4120-9A89-9A873B1D72DF}" = Canon MF5700 Series
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{301120E0-45A9-498C-8627-19E7E20EFA3A}" = BurnPlugin for Audible
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BF5F2B1-A6AD-4BB2-94D1-F5D5C9D6C855}" = Canon MF Update Tool
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.03
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A607AC66-0C76-4519-9751-E12A93BF8EB2}" = Digital Media Reader
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92B6797-9C07-4E25-AD96-29087D3A2AC2}" = TouchCopy 09
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleManager" = AudibleManager
"BigFix" = BigFix
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_202F161F" = SoftK56 Data Fax
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Conexant PCI Audio" = Conexant AC-Link Audio
"CopyToDVD_is1" = CopyToDVD
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DVD43_is1" = DVD43 v4.3.1
"Google Updater" = Google Updater
"InstallShield_{A607AC66-0C76-4519-9751-E12A93BF8EB2}" = Digital Media Reader
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Picasa 3" = Picasa 3
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"TVUPlayer" = TVUPlayer 2.5.2.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualTool" = VisualTool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2010 8:01:53 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 8:01:54 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 10/9/2010 9:44:41 PM | Computer Name = GATEWAY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 10/9/2010 8:01:13 PM | Computer Name = GATEWAY | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/9/2010 8:17:54 PM | Computer Name = GATEWAY | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 10/9/2010 8:17:54 PM | Computer Name = GATEWAY | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 10/9/2010 8:17:54 PM | Computer Name = GATEWAY | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 10/9/2010 8:17:54 PM | Computer Name = GATEWAY | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 10/9/2010 8:17:56 PM | Computer Name = GATEWAY | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 10/9/2010 8:17:57 PM | Computer Name = GATEWAY | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 10/9/2010 8:18:00 PM | Computer Name = GATEWAY | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 10/9/2010 9:42:35 PM | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
McPvDrv

Error - 10/9/2010 9:44:49 PM | Computer Name = GATEWAY | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.


< End of report >

Agustina
Novice

Posts : 36
Joined : 2009-09-19
OS : Vista
Points : 26722
# Likes : 0

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 11th October 2010, 9:35 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 11th October 2010, 11:06 pm

Done!

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

OTL by OldTimer - Version 3.2.15.0 log created on 10112010_190018


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 11th October 2010, 11:08 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 12th October 2010, 12:15 am

Okay, I ran the scan and the computer is restarting now. I should mention that while the scan was running McAfee popped up this warning:

Potentially Unwanted Program Blocked

Name: RemAdm-VNCView
Quarantined from: C:\Documents and Settings\Wilfredo\LocalSettings\Temp\XX4Bmb9Z.exe.part

It asked to allow or remove it and we went ahead and clicked "Remove" just in case. I've pasted the Malwarebytes log below.

-----------------------------------------


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]



Database version: 4796

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/11/2010 8:05:52 PM
mbam-log-2010-10-11 (20-05-52).txt

Scan type: Quick scan
Objects scanned: 172247
Time elapsed: 20 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\LocalPage (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/)
Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 12th October 2010, 11:28 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 13th October 2010, 1:41 am

Phew! Here's the ComboFix log. By the way, whenever I come to the GeekPolice webpage on the computer I get a message saying that Firefox stopped me from being redirected somewhere else, even after I ran ComboFix. Is that normal or is it part of the problem, I wonder? It doesn't show that warning on my other computer, which has all the same Firefox settings, I believe.

-----------------------

ComboFix 10-10-12.01 - Wilfredo 10/12/2010 20:54:42.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.206 [GMT -4:00]
Running from: c:\documents and settings\Wilfredo\Desktop\Combo-Fix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wilfredo\Application Data\Microsoft\stor.cfg
c:\documents and settings\Wilfredo\GoToAssistDownloadHelper.exe
c:\documents and settings\Wilfredo\Local Settings\Temporary Internet Files\TestBrowser.html
c:\documents and settings\Wilfredo\System
c:\documents and settings\Wilfredo\System\win_qs8.jqx
C:\Install.exe
c:\program files\Downloaded Installers
c:\program files\VisualTool
c:\program files\VisualTool\pcre3.dll
c:\program files\VisualTool\uninstall.exe
c:\program files\VisualTool\VisualTool.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 00:15 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 00:15 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 00:15 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 00:14 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 23:00 . 2010-10-11 23:00 -------- d-----w- C:\_OTL
2010-10-10 00:58 . 2010-10-10 00:57 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-10 00:58 . 2010-10-10 00:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-10 00:58 . 2010-10-10 00:57 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-10 00:29 . 2010-10-10 00:29 -------- d-----w- c:\documents and settings\Wilfredo\Local Settings\Application Data\Help
2010-10-09 23:44 . 2010-10-09 23:44 -------- d-----w- c:\program files\McAfeeMOBK
2010-10-09 23:43 . 2010-04-14 00:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-10-09 23:42 . 2010-10-09 23:43 -------- d-----w- c:\program files\McAfee Online Backup
2010-10-09 23:38 . 2010-08-24 18:57 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-10-09 23:38 . 2010-08-24 18:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-09 23:37 . 2010-08-24 18:57 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-09 23:37 . 2010-08-24 18:57 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-09 23:37 . 2010-08-24 18:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-09 23:37 . 2010-08-24 18:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-09 23:37 . 2010-08-24 18:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-09 23:37 . 2010-08-24 18:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-09 23:37 . 2010-08-24 18:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-09 23:36 . 2010-10-09 23:39 -------- d-----w- c:\program files\Common Files\Mcafee
2010-10-09 23:36 . 2010-10-09 23:36 -------- d-----w- c:\program files\McAfee.com
2010-10-09 23:05 . 2010-08-24 18:57 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-09 21:13 . 2010-10-09 21:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-10-09 18:42 . 2010-10-09 18:43 -------- d-----w- c:\documents and settings\Wilfredo\Application Data\MSNInstaller
2010-10-09 18:24 . 2010-10-09 18:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-09 18:02 . 2010-10-09 21:25 -------- d-----w- c:\documents and settings\TEMP
2010-10-02 19:52 . 2010-10-02 19:52 -------- d-----w- c:\program files\iPod
2010-10-02 19:23 . 2010-10-02 19:23 -------- d-----w- c:\program files\4Easysoft Studio
2010-10-02 19:16 . 2010-10-02 19:16 -------- d-----w- c:\program files\Bonjour
2010-09-26 19:09 . 2010-09-26 21:50 -------- d-----w- c:\documents and settings\Wilfredo\Application Data\FireShot
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-19 22:57 . 2010-09-09 14:16 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-09-19 22:57 . 2010-09-09 14:16 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-18 16:23 . 2010-09-18 16:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 18:57 . 2010-10-09 23:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-26 499712]
"SunKist"="c:\program files\Digital Media Reader\shwicon2k.exe" [2004-05-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-11 1193848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files\McAfee Online Backup\MOBKstat.exe [2010-4-13 3045176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/9/2010 7:37 PM 84072]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [10/9/2010 7:43 PM 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 7:36 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 7:36 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 7:36 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/9/2010 7:38 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/9/2010 7:05 PM 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/9/2010 7:37 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/9/2010 7:37 PM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/9/2010 7:37 PM 88544]
S0 McPvDrv;McPvDrv Driver; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 2:23 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/9/2010 7:37 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/9/2010 7:37 PM 84264]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/23/2005 12:52 PM 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 21:50]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 18:22]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PVR Agent - c:\program files\V-Stream\PVR Plus\TVR\Scheduled.exe
AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1844)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-12 21:35:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-13 01:35

Pre-Run: 17,570,967,552 bytes free
Post-Run: 21,157,556,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BFD2A1C20D12695930D78CFFB50CA510

Agustina
Novice

Posts : 36
Joined : 2009-09-19
OS : Vista
Points : 26722
# Likes : 0

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 13th October 2010, 9:04 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uStart Page = about:blank
    uInternet Settings,ProxyServer = http=127.0.0.1:50370

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 13th October 2010, 10:57 pm

I did as you said and ComboFix popped up a window saying there's a new ComboFix version available and asking if I want to update. Should I say yes or should I redownload and rename it again from the link you gave me...?


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 13th October 2010, 11:22 pm

Allow it to download the new update then.





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 13th October 2010, 11:47 pm

ComboFix 10-10-12.03 - Wilfredo 10/13/2010 19:17:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.240 [GMT -4:00]
Running from: c:\documents and settings\Wilfredo\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Wilfredo\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 00:15 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 00:15 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 00:15 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 00:14 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 23:00 . 2010-10-11 23:00 -------- d-----w- C:\_OTL
2010-10-10 00:58 . 2010-10-10 00:57 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-10 00:58 . 2010-10-10 00:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-10 00:58 . 2010-10-10 00:57 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-10 00:29 . 2010-10-10 00:29 -------- d-----w- c:\documents and settings\Wilfredo\Local Settings\Application Data\Help
2010-10-09 23:44 . 2010-10-09 23:44 -------- d-----w- c:\program files\McAfeeMOBK
2010-10-09 23:43 . 2010-04-14 00:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-10-09 23:42 . 2010-10-09 23:43 -------- d-----w- c:\program files\McAfee Online Backup
2010-10-09 23:38 . 2010-08-24 18:57 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-10-09 23:38 . 2010-08-24 18:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-09 23:37 . 2010-08-24 18:57 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-09 23:37 . 2010-08-24 18:57 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-09 23:37 . 2010-08-24 18:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-09 23:37 . 2010-08-24 18:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-09 23:37 . 2010-08-24 18:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-09 23:37 . 2010-08-24 18:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-09 23:37 . 2010-08-24 18:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-09 23:36 . 2010-10-09 23:39 -------- d-----w- c:\program files\Common Files\Mcafee
2010-10-09 23:36 . 2010-10-09 23:36 -------- d-----w- c:\program files\McAfee.com
2010-10-09 23:05 . 2010-08-24 18:57 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-09 21:13 . 2010-10-09 21:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-10-09 18:42 . 2010-10-09 18:43 -------- d-----w- c:\documents and settings\Wilfredo\Application Data\MSNInstaller
2010-10-09 18:24 . 2010-10-09 18:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-09 18:02 . 2010-10-09 21:25 -------- d-----w- c:\documents and settings\TEMP
2010-10-02 19:52 . 2010-10-02 19:52 -------- d-----w- c:\program files\iPod
2010-10-02 19:23 . 2010-10-02 19:23 -------- d-----w- c:\program files\4Easysoft Studio
2010-10-02 19:16 . 2010-10-02 19:16 -------- d-----w- c:\program files\Bonjour
2010-09-26 19:09 . 2010-09-26 21:50 -------- d-----w- c:\documents and settings\Wilfredo\Application Data\FireShot
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-19 22:57 . 2010-09-09 14:16 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-09-19 22:57 . 2010-09-09 14:16 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-18 16:23 . 2010-09-18 16:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 18:57 . 2010-10-09 23:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-26 499712]
"SunKist"="c:\program files\Digital Media Reader\shwicon2k.exe" [2004-05-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-11 1193848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files\McAfee Online Backup\MOBKstat.exe [2010-4-13 3045176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/9/2010 7:37 PM 84072]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [10/9/2010 7:43 PM 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 7:36 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 7:36 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 7:36 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/9/2010 7:38 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/9/2010 7:05 PM 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/9/2010 7:37 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/9/2010 7:37 PM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/9/2010 7:37 PM 88544]
S0 McPvDrv;McPvDrv Driver; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 2:23 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/9/2010 7:37 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/9/2010 7:37 PM 84264]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/23/2005 12:52 PM 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 21:50]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 18:22]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 18:22]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-13 19:41:06
ComboFix-quarantined-files.txt 2010-10-13 23:40
ComboFix2.txt 2010-10-13 01:35

Pre-Run: 21,154,734,080 bytes free
Post-Run: 21,136,134,144 bytes free

- - End Of File - - F11C82F1D2617322F5E1807A7183D1B3


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 14th October 2010, 11:22 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 14th October 2010, 11:51 pm

I tried uninstalling ComboFix the way you said but a message popped up saying the application was not found or something. Then McAfee (which I had turned back on after running ComboFix) popped up saying a trojan was removed and it turned out to be the Combo-Fix.exe file on the desktop. Does that mean it was uninstalled by McAfee or do I still need to find a way to uninstall it...?

I'm running the ESET scan now. Thanks again for all the help!


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 15th October 2010, 3:46 am

I tried to run the ESET Online Scanner 4 times but it keeps getting stuck on files in the My Documents folder, for some reason. The timer keeps moving but it just stays stuck on a single file. Is that normal? The first 2 times it got stuck on really small PDF files, the 3rd time on a file called dotnetfx.exe, and the last time on one called desktop.ini. I even tried moving those files out of the My Documents folder into a new folder on the desktop but it would just get stuck on another file inside that folder.

The first scan did yield 2 threats before I stopped it after it seemed to go on forever, so I'm posting the log for that 1st incomplete scan (only got to 23%) below. Is there something else I can do or some other scanner I should use?

------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d1d538a8bd96bb489eec25a55f515d01
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-15 12:47:54
# local_time=2010-10-14 08:47:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777173 100 75 346786 14840190 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=30196
# found=2
# cleaned=2
# scan_time=2776
C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\foxyproxy@eric.h.jung\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\personas@christopher.beard\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d1d538a8bd96bb489eec25a55f515d01
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-15 01:19:43
# local_time=2010-10-14 09:19:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777189 100 75 349719 14843123 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=30198
# found=0
# cleaned=0
# scan_time=1749


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 15th October 2010, 6:05 am

After moving all the files in the My Documents folder into a new folder and making that folder be scanned last, the scan managed to get to 46% but got stuck again when it got to that PDF file (it weirds me out because it's such a small file! Only 154 kb, it says!). This time it found 4 more items.

-------------------

esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d1d538a8bd96bb489eec25a55f515d01
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-15 05:48:44
# local_time=2010-10-15 01:48:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777173 100 75 361376 14854780 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=90470
# found=4
# cleaned=4
# scan_time=6236
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP418\A0066753.exe a variant of Win32/Kryptik.GYB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP419\A0066817.exe Win32/TrojanDownloader.Agent.QGR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP422\A0067458.exe a variant of Win32/Kryptik.HAK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP425\A0068477.exe a variant of Win32/Kryptik.HBB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 15th October 2010, 10:54 pm

Okay good, how is the machine running now?





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 15th October 2010, 11:59 pm

The computer seemed to be running about the same as always (it's always been kind of slow). Does that mean it's okay now, even if it only went to 46%...? I noticed it scanned the C drive alphabetically, so what I did was put all the files in the My Documents folder that weren't a text file in a new folder and named it something starting with Z so it would be scanned last (so it scanned Program Files, Windows, and all those other folders, as far as I know). Is there any way to be sure it got all of them or that they won't return?

Also, the thing where Firefox says it prevented the page from automatically redirecting somewhere else and gives an option to Allow the redirect still pops up when I try to visit GeekPolice and yet that doesn't happen with our other computers that use Firefox. Is that related to that at all...?

Thanks again!


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 16th October 2010, 11:59 pm

Hello.

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 17th October 2010, 12:11 am

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:08 on 16/10/2010 (Wilfredo)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========

Removing Orphan:
"m3ffxtbr@mywebsearch.com"="C:\Program Files\MyWebSearch\bar\firefox" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:20 10/10/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [00:58 10/10/2010]

C:\Documents and Settings\Wilfredo\Application Data\Mozilla\Firefox\Profiles\hss5gmpj.default\extensions\
[You must be registered and logged in to see this link.] [13:21 02/10/2010]
[You must be registered and logged in to see this link.] [20:49 06/03/2010]
[You must be registered and logged in to see this link.] [18:57 26/09/2010]
[You must be registered and logged in to see this link.] [23:18 22/09/2010]
[You must be registered and logged in to see this link.] [05:16 08/03/2009]
[You must be registered and logged in to see this link.] [00:39 26/02/2010]
[You must be registered and logged in to see this link.] [19:58 12/09/2010]
radiobar@toolbar [22:25 07/03/2010]
{0b457cAA-602d-484a-8fe7-c1d894a011ba} [18:57 26/09/2010]
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [17:21 31/12/2009]
{1f91cde0-c040-11da-a94d-0800200c9a66} [18:57 26/09/2010]
{20a82645-c095-46ed-80e3-08825760534b} [22:23 29/04/2010]
{285da7e0-729d-11db-9fe1-0800200c9a66} [14:07 12/12/2009]
{340c2bbc-ce74-4362-90b5-7c26312808ef} [23:08 06/10/2010]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [21:27 05/07/2010]
{6e73f6b7-b9ab-44b8-b744-6393e3c2e351} [18:57 26/09/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [00:43 10/10/2010]
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [00:39 26/02/2010]
{BF32D2C8-9C75-404b-ACF4-880DB4679236} [02:10 20/01/2010]
{ca0849e8-2c76-42ae-9abe-34e14d337acf} [20:34 15/08/2010]
{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [18:18 12/10/2008]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [23:19 18/08/2010]
{d84a846d-f7cb-4187-a408-b171020e8940} [00:50 04/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [04:48 15/08/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [23:44 09/10/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:57 10/10/2010]

-=E.O.F=-


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 19th October 2010, 4:07 am

Bump?


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 19th October 2010, 11:26 pm

Hello.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 20th October 2010, 1:43 am

Here's the MBRCheck log! Also, McAfee ran its automatic scan today and it said it found a virus but then when I looked at the security report there was no virus and instead it only cited 1 Potentially Unwanted Program, though it wouldn't show which (it now says 4 viruses have been found since the very first scan way back when we first downloaded it and then when I click to see more details it just says there were 0 viruses but 3 trojans and 1 potentially unwanted program).

Since I still have GooredFix and OTL on the Desktop, do you think McAfee might just be showing one of them as a "virus"? We have not used this computer at all for anything other than what you have asked us to do since we began this whole process, so it was weird to see there was a virus out of nowhere.

----------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 178):


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 20th October 2010, 11:25 pm

Hello.
I think the log may have been cut off, please make sure you post it all.





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 20th October 2010, 11:43 pm

Sorry about that! For some reason, that's all it gave me, so I ran it again and the new log did have more information. Crossing my fingers that there's nothing wrong anymore!

P.S: I think I figured out the whole Firefox stopping automatic redirections. Apparently, that option (showing when it stops automatic redirects) was checked on the computer we're working on but not on the other ones in our house, so that's why it seemed like only this one was doing that.

--------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 178):

Processes (total 52):


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 22nd October 2010, 12:19 am

Hello.
Try attaching the log please, it got cut off again.





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 22nd October 2010, 12:43 am

Sorry about that! I don't know why it kept happening but I think I FINALLY got it this time, hopefully. I'm concerned about the last part... I hope it's fixable.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 178):

Processes (total 48):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`e2031a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HTS421280H9AT00, Rev: HA3OA70G

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E5086C2D0EC55D3A4046281BC5165E3048A0F1DA


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 22nd October 2010, 11:55 pm

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.





Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 23rd October 2010, 4:53 am

Here's the log for the TDSSKiller scan! It said no threats were found, so I hope that's what this log shows. *crossing fingers!* Thanks again!

-----------------------------------

2010/10/23 00:48:48.0750 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/23 00:48:48.0750 ================================================================================
2010/10/23 00:48:48.0750 SystemInfo:
2010/10/23 00:48:48.0750
2010/10/23 00:48:48.0750 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/23 00:48:48.0750 Product type: Workstation
2010/10/23 00:48:48.0750 ComputerName: GATEWAY
2010/10/23 00:48:48.0750 UserName: Wilfredo
2010/10/23 00:48:48.0750 Windows directory: C:\WINDOWS
2010/10/23 00:48:48.0750 System windows directory: C:\WINDOWS
2010/10/23 00:48:48.0750 Processor architecture: Intel x86
2010/10/23 00:48:48.0750 Number of processors: 2
2010/10/23 00:48:48.0750 Page size: 0x1000
2010/10/23 00:48:48.0750 Boot type: Normal boot
2010/10/23 00:48:48.0750 ================================================================================
2010/10/23 00:48:49.0875 Initialize success
2010/10/23 00:48:57.0625 ================================================================================
2010/10/23 00:48:57.0625 Scan started
2010/10/23 00:48:57.0625 Mode: Manual;
2010/10/23 00:48:57.0625 ================================================================================
2010/10/23 00:49:24.0890 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/23 00:49:25.0250 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/23 00:49:25.0453 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/23 00:49:25.0734 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/23 00:49:25.0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/23 00:49:26.0187 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/23 00:49:26.0828 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/10/23 00:49:27.0843 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/10/23 00:49:28.0578 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/10/23 00:49:29.0437 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/10/23 00:49:30.0203 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/10/23 00:49:31.0031 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/23 00:49:31.0515 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/23 00:49:31.0953 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/10/23 00:49:32.0562 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/10/23 00:49:33.0078 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/10/23 00:49:33.0890 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/10/23 00:49:34.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/23 00:49:34.0843 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2010/10/23 00:49:36.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/23 00:49:36.0578 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/23 00:49:36.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/23 00:49:37.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/23 00:49:37.0140 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/23 00:49:37.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/23 00:49:38.0062 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/23 00:49:38.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/23 00:49:38.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/23 00:49:38.0828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/23 00:49:39.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/23 00:49:39.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/23 00:49:39.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/23 00:49:39.0375 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2010/10/23 00:49:39.0875 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/23 00:49:39.0937 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/23 00:49:40.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/23 00:49:40.0062 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/23 00:49:40.0140 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/23 00:49:40.0203 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/23 00:49:40.0250 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/23 00:49:40.0640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/23 00:49:40.0734 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/23 00:49:40.0890 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/23 00:49:41.0187 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/23 00:49:41.0343 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/23 00:49:41.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/23 00:49:41.0921 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/23 00:49:42.0015 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/23 00:49:42.0078 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/10/23 00:49:42.0140 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/23 00:49:42.0296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/23 00:49:42.0359 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/23 00:49:42.0437 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/23 00:49:42.0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/23 00:49:42.0843 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/23 00:49:42.0937 Pcouffin (e35bbe95051ce765b874ae5419e49e1d) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2010/10/23 00:49:43.0453 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/23 00:49:43.0890 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/23 00:49:44.0031 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/23 00:49:44.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/23 00:49:44.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/23 00:49:44.0203 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/23 00:49:44.0265 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/23 00:49:44.0312 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/23 00:49:44.0359 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/23 00:49:44.0421 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/23 00:49:44.0484 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/23 00:49:44.0625 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/23 00:49:44.0781 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/23 00:49:45.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/23 00:49:45.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/23 00:49:45.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/23 00:49:45.0546 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/23 00:49:45.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/23 00:49:45.0718 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/23 00:49:46.0015 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/23 00:49:46.0640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/23 00:49:46.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/23 00:49:47.0031 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/23 00:49:47.0187 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/23 00:49:47.0312 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/23 00:49:47.0390 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/23 00:49:47.0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/23 00:49:47.0703 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/23 00:49:47.0843 StreamDispatcher (3e5aa17e13fba9969d17b5455bde8efd) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
2010/10/23 00:49:48.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/23 00:49:48.0828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/23 00:49:48.0921 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/23 00:49:49.0468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/23 00:49:49.0875 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/23 00:49:50.0000 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/23 00:49:50.0437 SynTP (b6396adc5b0aa50e20e7a7169843af59) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/23 00:49:50.0875 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/23 00:49:51.0062 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/23 00:49:51.0218 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/23 00:49:51.0281 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/23 00:49:51.0437 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/23 00:49:51.0625 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/23 00:49:51.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/23 00:49:51.0781 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/23 00:49:52.0296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/23 00:49:52.0468 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/23 00:49:53.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/23 00:49:53.0156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/23 00:49:53.0250 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/23 00:49:53.0312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/23 00:49:53.0390 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/23 00:49:53.0453 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/23 00:49:53.0687 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/23 00:49:53.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/23 00:49:53.0828 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/23 00:49:53.0875 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/23 00:49:53.0906 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/23 00:49:53.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/23 00:49:54.0078 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2010/10/23 00:49:54.0765 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/23 00:49:54.0890 winachsf (88a5f20c6c221e50f01c00d8235db8c4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/23 00:49:55.0437 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/23 00:49:55.0531 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/23 00:49:55.0562 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/23 00:49:55.0671 {6080A529-897E-4629-A488-ABA0C29B635E} (1a301c3c65a3d119803fbac5ab65897f) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/10/23 00:49:56.0046 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (4afee4b1625d5146b16526e48953d7a6) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/10/23 00:49:56.0234 ================================================================================
2010/10/23 00:49:56.0234 Scan finished
2010/10/23 00:49:56.0234 ================================================================================

Agustina
Novice

Posts : 36
Joined : 2009-09-19
OS : Vista
Points : 26722
# Likes : 0

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 25th October 2010, 6:57 pm

Bump, I think.

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 26th October 2010, 12:01 am

Hello.

Please reboot your computer. When prompted with a new menu that lists this:

Select the Recovery Console option. Next, enter option 1 for your OS.

When prompted with C:\Windows>, type in "fixmbr" without the quote marks. You may be prompted with a yes/no warning; if so, enter yes.

Next, type exit and reboot your machine.

Next, please re-run MBRCheck and post the new log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 26th October 2010, 12:23 am

I hope it didn't get cut off this time... Also, about the Western Digital thing that shows up towards the end, my dad got a My Passport external hard drive recently and I guess he installed it even though I wanted him to wait till we were done. :/ He probably wanted to back up his pictures and music before we did anything else.

-----------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 175):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7A89000 \WINDOWS\system32\KDCOM.DLL
0xF7999000 \WINDOWS\system32\BOOTVID.dll
0xF753A000 ACPI.sys
0xF7A8B000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7529000 pci.sys
0xF7589000 isapnp.sys
0xF799D000 ACPIEC.sys
0xF7B51000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF79A1000 compbatt.sys
0xF79A5000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7B52000 pciide.sys
0xF7809000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A8D000 aliide.sys
0xF7A8F000 intelide.sys
0xF7A91000 toside.sys
0xF7A93000 viaide.sys
0xF7A95000 cmdide.sys
0xF750B000 pcmcia.sys
0xF7599000 MountMgr.sys
0xF74EC000 ftdisk.sys
0xF7811000 PartMgr.sys
0xF75A9000 VolSnap.sys
0xF79A9000 cpqarray.sys
0xF74D4000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF74BC000 atapi.sys
0xF79AD000 aha154x.sys
0xF7819000 sparrow.sys
0xF79B1000 symc810.sys
0xF75B9000 aic78xx.sys
0xF79B5000 dac960nt.sys
0xF75C9000 ql10wnt.sys
0xF79B9000 amsint.sys
0xF7821000 asc.sys
0xF79BD000 asc3550.sys
0xF7829000 mraid35x.sys
0xF7831000 i2omp.sys
0xF79C1000 ini910u.sys
0xF75D9000 ql1240.sys
0xF75E9000 aic78u2.sys
0xF7839000 symc8xx.sys
0xF7841000 sym_hi.sys
0xF7849000 sym_u3.sys
0xF7851000 ABP480N5.SYS
0xF7859000 asc3350p.sys
0xF7A97000 cd20xrnt.sys
0xF75F9000 ultra.sys
0xF74A3000 adpu160m.sys
0xF7861000 dpti2o.sys
0xF7609000 ql1080.sys
0xF7619000 ql1280.sys
0xF7629000 ql12160.sys
0xF7869000 perc2.sys
0xF7A99000 perc2hib.sys
0xF7871000 hpn.sys
0xF79C5000 cbidf2k.sys
0xF7477000 dac2w2k.sys
0xF7639000 disk.sys
0xF7649000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7457000 fltmgr.sys
0xF7445000 sr.sys
0xF73E8000 mfehidk.sys
0xF7659000 PxHelp20.sys
0xF73D1000 KSecDD.sys
0xF73BE000 WudfPf.sys
0xF7331000 Ntfs.sys
0xF7304000 NDIS.sys
0xF7669000 sisagp.sys
0xF7679000 viaagp.sys
0xF7689000 ohci1394.sys
0xF7699000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF72EA000 Mup.sys
0xF76A9000 agp440.sys
0xF76B9000 alim1541.sys
0xF76C9000 amdagp.sys
0xF76D9000 agpCPQ.sys
0xF724A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6756000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6742000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7951000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF671E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7959000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF66C3000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF6EA0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7961000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6697000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AB7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7969000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6E90000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7971000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
0xF6E80000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6E70000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6674000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7979000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF6631000 \SystemRoot\system32\drivers\camchal.sys
0xF65E9000 \SystemRoot\system32\drivers\camcaud.sys
0xF65C5000 \SystemRoot\system32\drivers\portcls.sys
0xF6E60000 \SystemRoot\system32\drivers\drmk.sys
0xF659C000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF648D000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF63F4000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7981000 \SystemRoot\System32\Drivers\Modem.SYS
0xF721E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7BCD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF63E0000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF6E50000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7216000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF63C9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6E40000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6E30000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7989000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF63B8000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6E20000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF6394000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF6349000 \SystemRoot\system32\drivers\mfefirek.sys
0xF7991000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7881000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6E10000 \SystemRoot\System32\Drivers\Pcouffin.sys
0xF7729000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7ABB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF62C3000 \SystemRoot\system32\DRIVERS\update.sys
0xF71DA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7739000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE203000 \SystemRoot\system32\drivers\ialmkchw.sys
0xEE1E5000 \SystemRoot\system32\drivers\ialmsbw.sys
0xF7759000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6771000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xEE132000 \SystemRoot\system32\DRIVERS\MOBK.sys
0xF7B62000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7B5E000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7ABF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B60000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AC1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78A1000 \SystemRoot\System32\drivers\vga.sys
0xF7AC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78A9000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78B1000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF676D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE0FF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE0A6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE093000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xEE06D000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE045000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7769000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEDFFB000 \SystemRoot\System32\drivers\afd.sys
0xF7779000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDFD0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDF60000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7799000 \SystemRoot\System32\Drivers\Fips.SYS
0xEDEEC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEDED4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AD5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6335000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78C1000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C12000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF073000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEDDB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEDB37000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xED9C7000 \SystemRoot\system32\DRIVERS\srv.sys
0xEDA6B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7911000 \SystemRoot\system32\DRIVERS\strmdisp.sys
0xED20A000 \SystemRoot\System32\Drivers\HTTP.sys
0xED182000 \SystemRoot\system32\drivers\cfwids.sys
0xED0DD000 \SystemRoot\system32\drivers\wdmaud.sys
0xF72BA000 \SystemRoot\system32\drivers\sysaudio.sys
0xED3D3000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
900 C:\WINDOWS\system32\smss.exe
956 csrss.exe
980 C:\WINDOWS\system32\winlogon.exe
1024 C:\WINDOWS\system32\services.exe
1036 C:\WINDOWS\system32\lsass.exe
1196 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1328 C:\WINDOWS\system32\svchost.exe
1368 C:\WINDOWS\system32\svchost.exe
1416 svchost.exe
1460 svchost.exe
1872 C:\WINDOWS\system32\spoolsv.exe
1948 svchost.exe
1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1992 C:\Program Files\Bonjour\mDNSResponder.exe
2012 C:\WINDOWS\system32\CTSVCCDA.EXE
388 C:\Program Files\Java\jre6\bin\jqs.exe
412 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
548 C:\WINDOWS\system32\mfevtps.exe
572 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
1160 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1472 C:\WINDOWS\system32\svchost.exe
1412 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
1556 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
1900 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
1040 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1204 C:\WINDOWS\system32\svchost.exe
1468 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
2100 C:\WINDOWS\system32\wuauclt.exe
2116 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
3080 alg.exe
2360 C:\WINDOWS\system32\svchost.exe
2472 C:\WINDOWS\explorer.exe
2784 C:\WINDOWS\system32\rundll32.exe
4032 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
812 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
208 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
860 C:\Program Files\Digital Media Reader\shwicon2k.exe
924 C:\WINDOWS\system32\igfxtray.exe
1236 C:\WINDOWS\system32\hkcmd.exe
1252 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2180 C:\Program Files\QuickTime\QTTask.exe
2144 C:\Program Files\iTunes\iTunesHelper.exe
2352 C:\Program Files\McAfee.com\Agent\mcagent.exe
2416 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2468 C:\Program Files\Messenger\msmsgs.exe
2780 C:\Program Files\McAfee Online Backup\MOBKstat.exe
2876 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
1788 C:\Program Files\iPod\bin\iPodService.exe
2788 C:\Documents and Settings\Wilfredo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`e2031a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HTS421280H9AT00, Rev: HA3OA70G

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

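The line that matters in the MBRCheck report above is the per-disk MBR status ("Windows XP MBR code detected") and the SHA1 beneath it. The following is an added example, not part of this thread and not code from MBRCheck: a small Python parser for the tail of an MBRCheck report that pulls out the volume-to-disk mapping, each disk's MBR status and SHA1, and flags any disk whose status is not of the form "Windows ... MBR code detected". The clean sample is the tail of the log posted above; the second sample, with the status text "Unknown MBR code" and its SHA1, is constructed for illustration, as is the 512-byte sector size assumed when turning byte offsets into sector numbers.

```python
import re
from dataclasses import dataclass

# Any status of the form "Windows <version> MBR code detected" is accepted as
# stock boot code; any other wording is reported for a closer look.
KNOWN_GOOD_STATUS = re.compile(r"^Windows .+ MBR code detected$")

# "\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`e2031a00 (NTFS)"
VOLUME_RE = re.compile(
    r"^\\\\\.\\([A-Z]):\s+-->\s+(\\\\\.\\PhysicalDrive\d+)\s+at offset\s+"
    r"(0x[0-9A-Fa-f]+)`([0-9A-Fa-f]+)\s+\((\w+)\)\s*$"
)
# "74 GB \\.\PhysicalDrive0 Windows XP MBR code detected"
DISK_RE = re.compile(r"^\s*(\d+)\s*GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
# "SHA1: DA38..." belongs to the disk line directly above it
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


@dataclass
class Volume:
    letter: str
    device: str
    offset: int        # byte offset of the volume on its physical drive
    filesystem: str

    @property
    def first_sector(self) -> int:
        return self.offset // 512   # assumption: 512-byte sectors


@dataclass
class Disk:
    size_gb: int
    device: str
    status: str
    sha1: str = ""


def parse_mbrcheck(text: str):
    """Return (volumes, disks) parsed from the tail of an MBRCheck report."""
    volumes, disks = [], []
    for line in text.splitlines():
        m = VOLUME_RE.match(line)
        if m:
            letter, device, hi, lo, fs = m.groups()
            # MBRCheck prints the offset as two hex halves joined by a backtick.
            volumes.append(Volume(letter, device, int(hi + lo, 16), fs))
            continue
        m = DISK_RE.match(line)
        if m:
            disks.append(Disk(int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = SHA1_RE.match(line)
        if m and disks:
            disks[-1].sha1 = m.group(1).upper()
    return volumes, disks


def assess(volumes, disks):
    """Reasons the report deserves a second look; an empty list means clean."""
    findings = []
    for disk in disks:
        if not KNOWN_GOOD_STATUS.match(disk.status):
            findings.append(f"{disk.device}: MBR status '{disk.status}' is not stock "
                            f"Windows boot code (SHA1 {disk.sha1 or 'not recorded'})")
        elif not disk.sha1:
            findings.append(f"{disk.device}: no SHA1 recorded, cannot compare to a known-good hash")
    known = {d.device for d in disks}
    for vol in volumes:
        if vol.device not in known:
            findings.append(f"{vol.letter}: on {vol.device}, which has no MBR entry in the report")
    return findings


# Tail of the MBRCheck log posted in this thread.
SAMPLE_CLEAN = r"""\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`e2031a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HTS421280H9AT00, Rev: HA3OA70G

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
"""

# Constructed sample: status wording and SHA1 are made up for illustration.
SAMPLE_SUSPECT = r"""\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 00112233445566778899AABBCCDDEEFF00112233
"""

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        vols, disks = parse_mbrcheck(sample)
        print(name, "->", assess(vols, disks) or "no findings")
```

The status text is only a heuristic: the SHA1 is what to compare against the MBR hash from a known-clean machine running the same Windows version, and a disk that shows stock code after fixmbr still warrants the follow-up scans the thread goes on to run.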

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 26th October 2010, 12:35 am

Heh, that killed the MBR infection. Don't worry about the external, it's fine.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 28th October 2010, 3:17 am

Sorry about the delay! The ESET online scanner kept getting stuck on those PDF files I mentioned before and never got past 46%, so I had to wait for my dad to go through them and either delete them or store them somewhere else so the scan could complete.

Anyway, the scan FINALLY finished all the way through but I made the mistake of asking it to uninstall the files at the end and so I can't find the log for the scan. Sad tearing BUT it did say "No threats found"! It didn't find any infected files or anything and so it didn't have to quarantine or delete anything. YAAAY! Does that mean it's over?

Once again, thank you so much for your help!

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 29th October 2010, 5:12 pm

Hello.
Should be good now, how is the machine running now?


Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Agustina on 30th October 2010, 12:52 am

YAAAY! Thank you so much! That is a relief. The computer is running the same as it always has before this whole thing (way slower than our other ones but maybe it's just cause it's old?), so I think it's okay? HOORAY~!

Re: Trojan.Agent, Hijack.Shell, & Hijack.SearchPage

Post by Belahzur on 30th October 2010, 11:16 pm

Your slowness is caused by really bad hardware: your log showed you have 512mb of RAM, when really a computer nowadays needs at the very least 1.5gb to work at a decent speed.

