Pup.Whitesmoke + Trackers


Post by ibanez270dx on Sat 15 Jan 2011, 8:27 am

Hi everyone,
I've got an issue with one of my systems that has a couple of viruses on it... I've run SuperAntiSpyware and MalwareBytes, but PUP.Whitesmoke and an Ad.Tracker keep coming back. I ran HijackThis, and the log is below. The machine is pending a reboot because SuperAntiSpyware just finished... rebooting now. Any and all help is appreciated!

Thanks in advance,
- Jeff Miller

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:49 PM, on 1/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sheila Shiraz\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Sheila Shiraz\Local Settings\Temporary Internet Files\Content.IE5\DMOMJHLC\HijackThis[1].exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {0AFD9937-10D5-436F-9F2B-08BF61754446} (OutlookTools Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} (XeWare Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CPCScietificInc.local
O17 - HKLM\Software\..\Telephony: DomainName = CPCScietificInc.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{10C8609C-5F77-4992-972D-466046B76619}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CPCScietificInc.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{10C8609C-5F77-4992-972D-466046B76619}: NameServer = 8.8.8.8,8.8.4.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Retrospect Client - EMC - C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect Client\rthlpsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9340 bytes


Re: Pup.Whitesmoke + Trackers

Post by Pancake on Sat 15 Jan 2011, 8:39 am

[You must be registered and logged in to see this link.]







Re: Pup.Whitesmoke + Trackers

Post by ibanez270dx on Sat 15 Jan 2011, 10:29 am

Here are the results of OTL:

OTL logfile created on: 1/14/2011 2:27:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Sheila Shiraz\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 275.44 Gb Free Space | 92.42% Space Free | Partition Type: NTFS
Drive S: | 234.37 Gb Total Space | 164.09 Gb Free Space | 70.01% Space Free | Partition Type: NTFS

Computer Name: SHEILA-DESK | User Name: sheila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/14 13:58:48 | 000,602,112 | ---- | M] (OldTimer Tools)
-- C:\Documents and Settings\Sheila Shiraz\My
Documents\Downloads\OTL.com
PRC - [2010/12/31 12:03:18 | 000,910,808 | ---- | M] (Mozilla
Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/14 12:02:18 | 002,424,560 | ---- | M]
(SUPERAntiSpyware.com) -- C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) --
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/11/04 17:15:32 | 002,219,184 | ---- | M] (ESET) --
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/08/19 09:23:24 | 007,418,368 | ---- | M] (OpenOffice.org)
-- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 09:23:22 | 007,424,000 | ---- | M] (OpenOffice.org)
-- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft,
Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/11 13:38:40 | 000,354,840 | ---- | M] (Intel
Corporation) -- C:\Program Files\Intel\Intel Matrix Storage
Manager\IAANTmon.exe
PRC - [2009/01/21 14:00:54 | 000,065,536 | ---- | M] () -- C:\Program
Files\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2008/12/01 17:37:32 | 000,331,776 | ---- | M] (EMC) --
C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
PRC - [2008/12/01 17:36:40 | 000,061,440 | ---- | M] (EMC) --
C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft,
Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft
Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft
Corporation) -- C:\Program Files\Microsoft Small Business\Business
Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/01/14 13:58:48 | 000,602,112 | ---- | M] (OldTimer Tools)
-- C:\Documents and Settings\Sheila Shiraz\My
Documents\Downloads\OTL.com
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft
Corporation) --
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft
Corporation) -- C:\Program Files\Windows Desktop
Search\MsnlNamespaceMgr.dll
MOD - [2008/05/13 09:13:36 | 000,077,824 | ---- | M]
(SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/14 04:00:00 | 000,060,416 | ---- | M] (Microsoft
Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/11/04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand
| Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
-- (EhttpSrv)
SRV - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto |
Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe --
(ekrn)
SRV - [2009/02/11 13:38:40 | 000,354,840 | ---- | M] (Intel
Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix
Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/21 14:00:54 | 000,065,536 | ---- | M] () [Auto |
Running] -- C:\Program Files\Brother\BRAdmin Professional
3\bratimer.exe -- (BRA_Scheduler)
SRV - [2008/12/08 05:50:52 | 000,122,880 | ---- | M] (EMC Corporation)
[Auto | Stopped] -- C:\Program Files\Retrospect\Retrospect
Client\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2008/12/01 17:36:40 | 000,061,440 | ---- | M] (EMC) [Auto |
Running] -- C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
-- (Retrospect Client)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft,
Inc.) [Auto | Running] -- C:\Program Files\Dell Support
Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft
Sprocket Service (dellsupportcenter)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft
Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small
Business\Business Contact Manager\BcmSqlStartupSvc.exe --
(BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/08/04 10:50:36 | 000,140,752 | ---- | M] (ESET)
[File_System | Auto | Running] --
C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/08/03 12:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel |
System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys --
(epfwtdir)
DRV - [2010/07/29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel |
System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M]
(SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System |
Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS --
(SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M]
(SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System |
Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys --
(SASDIFSV)
DRV - [2009/08/12 14:23:20 | 000,077,608 | ---- | M] (Juniper
Networks) [Kernel | System | Running] --
C:\WINDOWS\system32\drivers\NEOFLTR_650_14599.SYS --
(NEOFLTR_650_14599) Juniper Networks TDI Filter Driver
(NEOFLTR_650_14599)
DRV - [2009/05/25 14:16:06 | 000,329,752 | ---- | M] (Intel
Corporation) [Kernel | Boot | Running] --
C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/05/03 17:57:54 | 000,130,688 | ---- | M] (Realtek
Semiconductor Corporation ) [Kernel |
On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys --
(RTLE8023xp)
DRV - [2008/08/18 14:21:20 | 000,110,080 | ---- | M] (Intel(R)
Corporation) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
Intel(R)
DRV - [2008/08/18 14:20:58 | 006,044,864 | ---- | M] (Intel
Corporation) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/18 14:20:06 | 004,752,896 | ---- | M] (Realtek
Semiconductor Corp.) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 04:06:40 | 000,043,008 | ---- | M] (Advanced Micro
Devices, Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:06:40 | 000,040,960 | ---- | M] (Silicon
Integrated Systems Corporation) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R)
Server 2003 DDK provider) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/03 07:13:48 | 000,011,264 | ---- | M] (Realtek
Semiconductor Corporation) [Kernel | On_Demand | Stopped] --
C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/19 21:14:08 | 000,016,640 | ---- | M] (Realtek
Semiconductor Corporation) [Kernel | On_Demand | Stopped] --
C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/19 21:04:50 | 000,008,960 | ---- | M] (Realtek
Semiconductor Corporation) [Kernel | Auto | Running] --
C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
[Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic)
[Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic)
[Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic)
[Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic
Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise
Technology, Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic
Corporation) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic
Corporation) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic
Corporation) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex
Corporation) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American
Megatrends Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System
Products, Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System
Products, Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer
Laboratories Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 17:51:54 | 000,006,656 | ---- | M] (CMD Technology,
Inc.) [Kernel | Disabled | Stopped] --
C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL
= [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant
= [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
[You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
[You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
[You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox
3.5.16\extensions\\Components: C:\Program Files\Mozilla
Firefox\components [2011/01/13 13:17:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins:
C:\Program Files\Mozilla Firefox\plugins [2011/01/14 13:16:24 |
000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com:
C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2010/12/06 09:59:43 | 000,000,000 | ---D | M]

[2009/09/21 08:51:55 | 000,000,000 | ---D | M] (No name found) --
C:\Documents and Settings\Sheila Shiraz\Application
Data\Mozilla\Extensions
[2011/01/14 13:50:21 | 000,000,000 | ---D | M] (No name found) --
C:\Documents and Settings\Sheila Shiraz\Application
Data\Mozilla\Firefox\Profiles\kqr7t66w.default\extensions
[2010/01/27 15:12:29 | 000,000,000 | ---D | M] (Microsoft .NET
Framework Assistant) -- C:\Documents and Settings\Sheila
Shiraz\Application
Data\Mozilla\Firefox\Profiles\kqr7t66w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/13 12:03:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) --
C:\Documents and Settings\Sheila Shiraz\Application
Data\Mozilla\Firefox\Profiles\kqr7t66w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/12 13:18:48 | 000,000,000 | ---D | M] (Trailfire) --
C:\Documents and Settings\Sheila Shiraz\Application
Data\Mozilla\Firefox\Profiles\kqr7t66w.default\extensions\{7b5c6cd0-3ead-11da-8cd6-0800200c9a66}
[2009/12/09 07:38:10 | 000,000,000 | ---D | M] (AIM Toolbar) --
C:\Documents and Settings\Sheila Shiraz\Application
Data\Mozilla\Firefox\Profiles\kqr7t66w.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/12/29 11:54:45 | 000,000,000 | ---D | M] ("LinkDiagnosis 2.0")
-- C:\Documents and Settings\Sheila Shiraz\Application
Data\Mozilla\Firefox\Profiles\kqr7t66w.default\extensions\beta@linkdiagnosis.com
[2010/01/06 15:43:30 | 000,000,000 | ---D | M] (Firebug) --
C:\Documents and Settings\Sheila Shiraz\Application
Data\Mozilla\Firefox\Profiles\kqr7t66w.default\extensions\firebug@software.joehewitt.com
[2011/01/14 13:48:10 | 000,000,000 | ---D | M] (No name found) --
C:\Program Files\Mozilla Firefox\extensions
[2011/01/14 13:16:28 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/14 13:16:09 | 000,472,808 | ---- | M] (Sun Microsystems,
Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/14 11:18:43 | 000,001,003 | ---- | M]) -
C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (AcroIEHlprObj Class) -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems
Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems
Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems
Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems
Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems
Incorporated)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support
Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32
Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program
Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support
Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Sheila Shiraz\Start
Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program
Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe
Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe
Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe
Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe
Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe
Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe
Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems
Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems
Incorporated)
O15 - HKCU\..Trusted Domains: cpcserver ([]http in Trusted sites)
O16 - DPF: {0AFD9937-10D5-436F-9F2B-08BF61754446}
[You must be registered and logged in to see this link.] (OutlookTools Object)
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC}
[You must be registered and logged in to see this link.] (XeWare Control)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E}
[You must be registered and logged in to see this link.] (NSHelp Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
[You must be registered and logged in to see this link.]
(DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
[You must be registered and logged in to see this link.]
(Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[You must be registered and logged in to see this link.]
(Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[You must be registered and logged in to see this link.]
(Java Plug-in 1.6.0_23)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
[You must be registered and logged in to see this link.]
(JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CPCScietificInc.local
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe
(Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program
Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program
Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -
C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sheila Shiraz\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sheila
Shiraz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} -
C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
(Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 13:29:32 | 000,000,000 | ---- | M] ()
- C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


[2011/01/14 14:22:35 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Sheila Shiraz\Application Data\ACCPAC
[2011/01/14 14:21:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/01/14 13:16:52 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Application Data\Sun
[2011/01/14 13:16:48 | 000,000,000 | ---D | C] -- C:\Program
Files\Common Files\Java
[2011/01/14 13:16:24 | 000,472,808 | ---- | C] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/14 13:16:24 | 000,157,472 | ---- | C] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/14 13:16:24 | 000,145,184 | ---- | C] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/14 13:16:24 | 000,145,184 | ---- | C] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/14 13:16:24 | 000,073,728 | ---- | C] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/14 13:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/14 13:11:08 | 000,077,608 | ---- | C] (Juniper Networks) --
C:\WINDOWS\System32\drivers\NEOFLTR_650_14599.SYS
[2011/01/14 13:11:08 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/01/14 13:10:28 | 000,000,000 | ---D | C] -- C:\Program
Files\Juniper Networks
[2011/01/14 13:10:02 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Application Data\Juniper Networks
[2011/01/14 13:09:47 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Sheila Shiraz\Application Data\Juniper Networks
[2011/01/14 13:07:22 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Sheila Shiraz\Local Settings\Application Data\ESET
[2011/01/14 09:24:49 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Sheila Shiraz\Application Data\SUPERAntiSpyware.com
[2011/01/14 09:24:49 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/14 09:24:15 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/14 09:24:11 | 000,000,000 | ---D | C] -- C:\Program
Files\SUPERAntiSpyware
[2011/01/14 08:50:59 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Sheila Shiraz\Application Data\TeamViewer
[2011/01/14 08:15:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/01/13 13:53:24 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Sheila Shiraz\Desktop\B.O.K
[2011/01/13 13:01:21 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Sheila Shiraz\Desktop\TEMPLATES!
[2011/01/13 12:02:24 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Sheila Shiraz\Local Settings\Application Data\NOS
[2011/01/13 11:15:34 | 000,081,920 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\isign32.dll
[2011/01/13 11:15:24 | 000,040,960 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/01/13 11:15:23 | 000,179,712 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2011/01/13 11:15:17 | 000,249,856 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\odbc32.dll
[2011/01/13 11:15:17 | 000,200,704 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msadox.dll
[2011/01/13 11:15:17 | 000,180,224 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011/01/13 11:15:17 | 000,143,360 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msadco.dll
[2011/01/13 11:15:17 | 000,102,400 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msjro.dll
[2011/01/13 11:15:17 | 000,081,920 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011/01/13 11:15:17 | 000,081,920 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011/01/13 11:15:17 | 000,081,920 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011/01/13 11:15:17 | 000,061,440 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011/01/13 11:15:17 | 000,061,440 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011/01/13 11:15:16 | 000,536,576 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\msado15.dll
[2011/01/13 11:15:15 | 000,045,568 | ---- | C] (Microsoft Corporation)
-- C:\WINDOWS\System32\dllcache\wab.exe
[2011/01/13 11:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2011/01/13 10:31:35 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\LocalService\Local Settings\Application Data\ESET
[2011/01/13 10:31:30 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\LocalService\Application Data\Sun
[2011/01/13 09:14:09 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\LocalService\Application Data\Macromedia
[2011/01/13 09:14:00 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\LocalService\Application Data\Adobe
[2011/01/13 09:02:21 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\NetworkService\Application Data\Macromedia
[2011/01/06 10:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\OnlyWire
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/14 13:37:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 13:34:15 | 3184,508,928 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/14 13:34:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 13:16:09 | 000,157,472 | ---- | M] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/14 13:16:08 | 000,472,808 | ---- | M] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/14 13:16:08 | 000,145,184 | ---- | M] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/14 13:16:08 | 000,145,184 | ---- | M] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/14 13:16:08 | 000,073,728 | ---- | M] (Sun Microsystems,
Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/14 13:11:07 | 000,000,028 | ---- | M] () -- C:\pending.un
[2011/01/14 09:24:17 | 000,001,680 | ---- | M] () -- C:\Documents and
Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/13 14:14:29 | 000,285,312 | ---- | M] () --
C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/13 13:57:47 | 000,010,734 | ---- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Desktop\Territories.docx
[2011/01/13 13:11:56 | 000,083,968 | ---- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Desktop\S.O..doc
[2011/01/13 13:01:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/13 12:46:50 | 000,079,872 | ---- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Desktop\P.P.!.doc
[2011/01/12 11:11:56 | 000,019,563 | ---- | M] () -- C:\Documents and
Settings\Sheila Shiraz\My
Documents\how-many-calories-to-lose-weight.odt
[2011/01/07 07:12:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/14 13:11:07 | 000,000,028 | ---- | C] () -- C:\pending.un
[2011/01/14 09:24:17 | 000,001,680 | ---- | C] () -- C:\Documents and
Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/13 13:47:43 | 000,010,734 | ---- | C] () -- C:\Documents and
Settings\Sheila Shiraz\Desktop\Territories.docx
[2011/01/12 11:11:55 | 000,019,563 | ---- | C] () -- C:\Documents and
Settings\Sheila Shiraz\My
Documents\how-many-calories-to-lose-weight.odt
[2010/08/31 14:11:35 | 000,235,568 | ---- | C] () -- C:\Documents and
Settings\LocalService\Local Settings\Application
Data\FontCache3.0.0.0.dat
[2010/03/10 11:17:24 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/03/10 11:17:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/03/10 11:17:13 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/03/10 11:17:08 | 000,031,253 | ---- | C] () -- C:\WINDOWS\HL-5370DW.INI
[2010/03/10 11:17:06 | 000,045,056 | ---- | C] () --
C:\WINDOWS\System32\BRTCPCON.DLL
[2010/03/10 11:17:06 | 000,000,114 | ---- | C] () --
C:\WINDOWS\System32\BRLMW03A.INI
[2010/03/10 11:16:29 | 000,000,338 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/12/02 15:41:37 | 000,000,132 | ---- | C] () --
C:\WINDOWS\System32\AddPort.ini
[2009/12/02 15:40:39 | 000,000,761 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/12/02 15:39:08 | 000,000,315 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\hpzinstall.log
[2009/10/14 13:37:34 | 000,005,864 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\CRMOutlookPluginUninst.txt
[2009/09/11 16:07:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/11 16:04:21 | 000,017,920 | ---- | C] () --
C:\WINDOWS\System32\implode.dll
[2009/09/02 15:43:08 | 000,073,728 | ---- | C] () --
C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/02 15:43:07 | 000,147,456 | ---- | C] () --
C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/09/02 15:41:48 | 000,001,153 | ---- | C] () --
C:\WINDOWS\System32\OEMINFO.INI
[2009/09/02 12:13:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () --
C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/01 17:34:20 | 000,065,536 | ---- | C] () --
C:\WINDOWS\System32\shlwimp.dll
[2008/04/25 13:26:32 | 000,001,793 | ---- | C] () --
C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 01:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 06:51:02 | 000,020,698 | ---- | C] () --
C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 06:48:48 | 000,030,628 | ---- | C] () --
C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 06:48:28 | 000,031,698 | ---- | C] () --
C:\WINDOWS\System32\gthrctr.ini
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () --
C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () --
C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () --
C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () --
C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () --
C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/25 13:29:00 | 000,000,067 | -HS- | M] () --
C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
-- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/01/16 18:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard
Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation)
-- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/04/25 13:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and
Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick
Launch\*.lnk /x >

[2009/09/11 15:37:29 | 000,000,119 | -HS- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Application Data\Microsoft\Internet
Explorer\Quick Launch\desktop.ini
[2008/04/25 13:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Application Data\Microsoft\Internet
Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/08/25 14:45:16 | 000,550,216 | ---- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Desktop\AHCSetup.exe
[2010/02/10 13:16:56 | 021,191,488 | ---- | M] (Macrovision
Corporation) -- C:\Documents and Settings\Sheila
Shiraz\Desktop\CRMClientSetup.exe
[2009/08/25 15:23:41 | 001,454,985 | ---- | M] (FreeSoft
) -- C:\Documents and
Settings\Sheila Shiraz\Desktop\hc5520060102.exe
[2009/08/31 07:35:19 | 006,706,482 | ---- | M] (Axandra GmbH
) -- C:\Documents and
Settings\Sheila Shiraz\Desktop\IBP-Installer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2008/04/14 04:00:00 | 000,000,791 | ---- | M] () --
C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/31 12:03:18 | 000,122,328 | ---- | M] (Mozilla Foundation) --
C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/31 12:03:18 | 000,910,808 | ---- | M] (Mozilla Corporation)
-- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/31 12:03:22 | 000,246,744 | ---- | M] (Mozilla Foundation) --
C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/11 15:37:28 | 000,000,122 | -HS- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/02 12:12:53 | 000,013,774 | RHS- | M] () -- C:\Documents and
Settings\All Users\ntuser.pol

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2009/12/08 10:43:51 | 002,023,936 | ---- | M] (Microsoft
Corporation) Unable to obtain MD5 --
C:\WINDOWS\system32\ntkrnlpa.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 01:21:09 | 000,094,208 | ---- | M] () --
C:\WINDOWS\system32\config\default.sav
[2008/04/25 01:21:09 | 001,089,536 | ---- | M] () --
C:\WINDOWS\system32\config\software.sav
[2008/04/25 01:21:09 | 000,905,216 | ---- | M] () --
C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 04:00:00 | 000,009,029 | ---- | M] () --
C:\WINDOWS\system32\ansi.sys
[2008/04/14 04:00:00 | 000,027,097 | ---- | M] () --
C:\WINDOWS\system32\country.sys
[2008/04/14 04:00:00 | 000,004,768 | ---- | M] () --
C:\WINDOWS\system32\himem.sys
[2008/04/14 04:00:00 | 000,042,809 | ---- | M] () --
C:\WINDOWS\system32\key01.sys
[2008/04/14 04:00:00 | 000,042,537 | ---- | M] () --
C:\WINDOWS\system32\keyboard.sys
[2008/04/14 04:00:00 | 000,027,866 | ---- | M] () --
C:\WINDOWS\system32\ntdos.sys
[2008/04/14 04:00:00 | 000,029,146 | ---- | M] () --
C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 04:00:00 | 000,029,370 | ---- | M] () --
C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 04:00:00 | 000,029,274 | ---- | M] () --
C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 04:00:00 | 000,029,146 | ---- | M] () --
C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 04:00:00 | 000,033,840 | ---- | M] () --
C:\WINDOWS\system32\ntio.sys
[2008/04/14 04:00:00 | 000,034,560 | ---- | M] () --
C:\WINDOWS\system32\ntio404.sys
[2008/04/14 04:00:00 | 000,035,648 | ---- | M] () --
C:\WINDOWS\system32\ntio411.sys
[2008/04/14 04:00:00 | 000,035,424 | ---- | M] () --
C:\WINDOWS\system32\ntio412.sys
[2008/04/14 04:00:00 | 000,034,560 | ---- | M] () --
C:\WINDOWS\system32\ntio804.sys
[2008/04/14 04:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation)
-- C:\WINDOWS\system32\watchdog.sys
[2010/10/26 05:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation)
-- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
-- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/01/16 18:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard
Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5k4.DLL

< %SYSTEMDRIVE%\*.* >
[2009/10/15 13:47:01 | 000,000,141 | ---- | M] () -- C:\20091015ewaresystem.log
[2009/10/16 13:53:07 | 000,000,094 | ---- | M] () -- C:\20091016ewaresystem.log
[2009/10/19 13:50:56 | 000,000,047 | ---- | M] () -- C:\20091019ewaresystem.log
[2008/04/25 13:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/06 09:54:27 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/01/18 22:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/04/25 13:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/02 15:44:29 | 000,005,806 | RH-- | M] () -- C:\dell.sdr
[2011/01/14 13:34:15 | 3184,508,928 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/25 13:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/12/09 07:35:28 | 000,000,461 | -H-- | M] () -- C:\IPH.PH
[2011/01/14 13:50:11 | 000,019,832 | ---- | M] () -- C:\JavaRa.log
[2011/01/13 12:58:25 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/25 13:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/14 13:34:14 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/01/14 13:11:07 | 000,000,028 | ---- | M] () -- C:\pending.un

< %PROGRAMFILES%\*. >
[2010/08/05 14:30:20 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/12/09 07:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Search
[2009/10/14 06:33:41 | 000,000,000 | ---D | M] -- C:\Program
Files\Article Submitter
[2010/04/02 15:46:37 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2010/03/10 11:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie
[2011/01/14 14:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/01/14 13:16:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/04/25 13:27:07 | 000,000,000 | ---D | M] -- C:\Program
Files\ComPlus Applications
[2009/09/02 12:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/09/02 11:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/09/02 12:03:18 | 000,000,000 | ---D | M] -- C:\Program
Files\Dell Support Center
[2010/12/06 09:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/11/08 14:43:03 | 000,000,000 | ---D | M] -- C:\Program
Files\FileZilla FTP Client
[2010/09/23 07:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/02 15:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/01/13 11:04:55 | 000,000,000 | -H-D | M] -- C:\Program
Files\InstallShield Installation Information
[2009/09/02 11:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/01/13 13:00:29 | 000,000,000 | ---D | M] -- C:\Program
Files\Internet Explorer
[2011/01/14 13:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/16 09:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2011/01/14 13:10:28 | 000,000,000 | ---D | M] -- C:\Program
Files\Juniper Networks
[2011/01/13 14:14:28 | 000,000,000 | ---D | M] -- C:\Program
Files\Malwarebytes' Anti-Malware
[2009/09/02 11:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/17 14:08:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/04/25 13:29:52 | 000,000,000 | ---D | M] -- C:\Program
Files\microsoft frontpage
[2009/09/02 12:10:53 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft Office
[2009/11/17 14:08:04 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft Office Outlook Connector
[2010/01/27 07:04:10 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft Silverlight
[2009/09/02 12:10:52 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft Small Business
[2010/01/27 15:20:08 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft SQL Server
[2009/09/02 12:02:25 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft Visual Studio
[2009/09/11 15:41:36 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft Windows Small Business Server
[2010/01/27 15:22:03 | 000,000,000 | ---D | M] -- C:\Program
Files\Microsoft Works
[2009/09/02 12:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/31 07:09:23 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/01/14 14:25:26 | 000,000,000 | ---D | M] -- C:\Program
Files\Mozilla Firefox
[2008/04/25 13:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/16 08:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/04/25 13:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
Gaming Zone
[2009/10/15 09:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/09/02 12:09:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/04/25 13:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/09/02 12:03:24 | 000,000,000 | ---D | M] -- C:\Program
Files\NortonInstaller
[2008/04/25 13:26:49 | 000,000,000 | ---D | M] -- C:\Program
Files\Online Services
[2011/01/06 14:49:47 | 000,000,000 | ---D | M] -- C:\Program Files\OnlyWire
[2009/10/16 09:32:39 | 000,000,000 | ---D | M] -- C:\Program
Files\OpenOffice.org 3
[2011/01/13 12:56:37 | 000,000,000 | ---D | M] -- C:\Program
Files\Outlook Express
[2010/12/06 09:57:33 | 000,000,000 | ---D | M] -- C:\Program
Files\Panda Security
[2009/09/02 11:59:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/04/25 13:39:00 | 000,000,000 | ---D | M] -- C:\Program
Files\Reference Assemblies
[2010/01/13 13:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2009/10/14 12:46:05 | 000,000,000 | ---D | M] -- C:\Program Files\Sage
[2009/09/11 16:04:22 | 000,000,000 | ---D | M] -- C:\Program
Files\Seagate Software
[2011/01/14 09:25:01 | 000,000,000 | ---D | M] -- C:\Program
Files\SUPERAntiSpyware
[2008/04/25 13:32:50 | 000,000,000 | -H-D | M] -- C:\Program
Files\Uninstall Information
[2009/09/14 06:02:09 | 000,000,000 | ---D | M] -- C:\Program
Files\Windows Desktop Search
[2010/01/20 10:40:27 | 000,000,000 | ---D | M] -- C:\Program
Files\Windows Media Connect 2
[2010/01/20 10:40:26 | 000,000,000 | ---D | M] -- C:\Program
Files\Windows Media Player
[2008/04/25 13:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/04/25 13:28:13 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/09/17 06:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/04/25 13:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2008/04/25 01:22:23 | 000,000,062 | -HS- | M] () -- C:\Documents and
Settings\Sheila Shiraz\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\I386\sp3.cab:AGP440.sys
[2008/04/14 01:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\Program Files\Dell\DBRM\osmedia\I386\sp3.cab:AGP440.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation)
MD5=08FD04AA961BDC77FB983F328334E3D7 --
C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\I386\sp3.cab:atapi.sys
[2008/04/14 01:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\Program Files\Dell\DBRM\osmedia\I386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation)
MD5=9F3A2F5AA6875C72BF062C712CFA2674 --
C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\I386\sp3.cab:disk.sys
[2008/04/14 01:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\Program Files\Dell\DBRM\osmedia\I386\sp3.cab:disk.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation)
MD5=044452051F3E02E7963599FC8F4F3E25 --
C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation)
MD5=6D4FEB43EE538FC5428CC7F0565AA656 --
C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/02/11 13:26:18 | 000,407,576 | ---- | M] (Intel Corporation)
MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel
Matrix Storage Manager\driver64\IaStor.sys
[2008/07/20 18:44:44 | 000,324,120 | ---- | M] (Intel Corporation)
MD5=707C1692214B1C290271067197F075F6 -- C:\Program
Files\Dell\DBRM\osmedia\I386\IASTOR.SYS
[2009/05/25 14:16:06 | 000,329,752 | ---- | M] (Intel Corporation)
MD5=71ECC07BC7C5E24C3DD01D8A29A24054 --
C:\drivers\storage\R221189\IaStor.sys
[2009/02/11 13:11:50 | 000,329,752 | ---- | M] (Intel Corporation)
MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel
Matrix Storage Manager\driver\IaStor.sys
[2009/05/25 14:16:06 | 000,329,752 | ---- | M] (Intel Corporation)
MD5=71ECC07BC7C5E24C3DD01D8A29A24054 --
C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation)
MD5=1B7F071C51B77C272875C3A23E1E4550 --
C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/21 07:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation)
MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\Program
Files\Dell\DBRM\osmedia\I386\NVGTS.SYS

< MD5 for: NVRD32.SYS >
[2008/01/21 07:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation)
MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\Program
Files\Dell\DBRM\osmedia\I386\NVRD32.SYS

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation)
MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2007/02/09 19:06:00 | 000,100,096 | ---- | M] (LSI Logic)
MD5=A42F863305943869BA00A613C8EE8C7E -- C:\Program
Files\Dell\DBRM\osmedia\I386\SYMMPI.SYS

< MD5 for: USBSTOR.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\I386\sp3.cab:usbstor.sys
[2008/04/14 01:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\Program Files\Dell\DBRM\osmedia\I386\sp3.cab:usbstor.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file --
C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation)
MD5=A32426D9B14A089EAA1D922E0C5801A9 --
C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation)
MD5=A32426D9B14A089EAA1D922E0C5801A9 --
C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-13 21:02:12

< End of report >

ibanez270dx

Newbie Surfer

Posts : 27
Joined : 2009-01-18
Operating System : Windows XP Pro CE

Re: Pup.Whitesmoke + Trackers

Post by Pancake on Sat 15 Jan 2011, 11:43 am

Please download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.


Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7
