
Serious Worm/Trojan infection

1.9K views 20 replies 3 participants last post by  amateur  
#1 ·
Hi, I'm looking for some advice. My antivirus recently ran out and before I had the chance to install the latest version my PC picked up a virus. First I received pop-up boxes telling me my computer was infected with "Trojan SPM/LX" and that I should download the spyware removal software (which I didn't). Then I started getting more pop-up boxes saying the computer was infected with worm.Win32.Netsky. I wasn't able to open task manager or do a system restore as it said the files were infected. I also had the same problem in safe mode. Now, however, it seems to have got very serious. I downloaded the latest Norton antivirus and when I ran a scan the computer switched off. Now whenever I start the computer I get a black screen (like you would get when you press F8 on start-up) with the safe mode and restore options. I have tried all these options but whenever I click one the screen says there is no signal and the PC restarts itself. It seems to run in a vicious circle, which I can't get out of. I am terrified that I have lost all my personal files (most of them not backed-up - which I know is extremely stupid on my account). Can you offer any glimmer of hope or have I lost everything?

Thank you in anticipation,

JK
 
#2 ·
Hi,

Hopefully you have access to a computer that can burn CDs.

We will need to make a BOOT CD.

Print these instructions out so that you know what you are doing.

Two programs to download

First

Please download ISOBurner and save it to your desktop. This program will allow you to burn OTLPE.ISO to make a bootable CD.
  • Double click the ISOBurner set up icon to install the program, from there on in it is fairly automatic.
  • There are Instructions for the iso burner here if you need them.

Second

  • Download OTLPE.iso and save it to your desktop. Now burn OTLPE.iso to a CD using ISO Burner. (NOTE: This file is 292Mb in size so it may take some time to download.)
  • When downloaded double click OTLPE.iso > this will then open ISOBurner to burn the file to CD

  • Reboot the infected system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • You will find an icon on the desktop called OTLPE > Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to SafeList
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.
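Reading an OTL.txt by eye comes down to spotting a handful of recurring patterns: anonymous services with hidden/system attributes sitting in system32, autostart entries named after core Windows processes, policies that switch off Task Manager, and ActiveX (O16) downloads of executables from bare IP addresses. As an added example (not part of this thread and not OTL's own code), the Python script below applies those checks to lines in OTL's entry format; the sample lines are constructed to mirror the layout of the log posted later in the thread, and the list of process look-alike names is an assumption.

```python
"""Triage helper for OTL / OTLPE logs in the entry format used in this thread.

Added example, not part of the original thread and not OTL's own code.  It
applies a few of the checks a malware-removal helper makes by eye and returns
findings a reader can review.  Orphaned entries (file missing) are reported at
"info" level as cleanup candidates rather than active threats.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    reason: str
    line: str


# SRV/DRV: "SRV - [date time | size | attrs | M] (Company) [Start] -- path -- (Name)"
SRV_RE = re.compile(
    r"^(?:SRV|DRV) - \[[^|]+\| [\d,]+ \| (?P<attrs>[RHSD-]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
# O4: "O4 - HKLM..\Run: [Label] C:\path\file.exe (Company)"  or  "... File not found"
O4_RE = re.compile(r"^O4 - \S+?\.\.\\Run(?:Once)?: \[[^\]]+\] (?P<rest>.+)$")
O4_TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")
# O6/O7: "... policies\System: DisableTaskMgr = 1"
POLICY_RE = re.compile(r"^O[67] - .*\\policies\\(?:System|Explorer): (?P<value>\w+) = (?P<data>\S+)$")
# O16: "O16 - DPF: {CLSID} http://host/path (status)"
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\} (?P<url>\S+)")
BARE_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

# Assumed list: names that imitate core Windows processes but are not real ones.
SYSTEM_LOOKALIKES = {"smss32.exe", "csrss32.exe", "winlogon32.exe", "svchost32.exe"}
# Policy values worth flagging; DisableTaskMgr matches the "cannot open Task Manager" symptom.
BAD_POLICIES = {
    ("DisableTaskMgr", "1"): ("high", "Task Manager disabled by policy"),
    ("EnableLUA", "0"): ("medium", "EnableLUA = 0 (UAC disabled on Vista and later)"),
}


def triage_line(line: str) -> Optional[Finding]:
    """Classify a single OTL line; returns None when nothing stands out."""
    line = line.rstrip()

    m = SRV_RE.match(line)
    if m:
        hidden = "H" in m["attrs"] or "S" in m["attrs"]
        if not m["company"] and hidden and "\\system32\\" in m["path"].lower():
            return Finding("high", "anonymous hidden/system service in system32", line)
        return None

    m = O4_RE.match(line)
    if m:
        rest = m["rest"]
        if rest.endswith("File not found"):
            return Finding("info", "orphaned autostart entry (file missing)", line)
        t = O4_TARGET_RE.match(rest)
        if t:
            exe = t["path"].rsplit("\\", 1)[-1].lower()
            if exe in SYSTEM_LOOKALIKES:
                return Finding("high", "autostart mimics a core Windows process name", line)
            if not t["company"] and "\\system32\\" in t["path"].lower():
                return Finding("medium", "anonymous autostart executable in system32", line)
        return None

    m = POLICY_RE.match(line)
    if m:
        hit = BAD_POLICIES.get((m["value"], m["data"]))
        return Finding(hit[0], hit[1], line) if hit else None

    m = O16_RE.match(line)
    if m:
        url = m["url"]
        if BARE_IP_URL.match(url) and url.lower().endswith(".exe"):
            return Finding("high", "ActiveX download of an executable from a bare IP address", line)
        return None

    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log, keeping only lines that produced a finding."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed sample, modelled on the entry layout of the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - [2010/03/14 18:07:42 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2009/03/21 10:06:58 | 000,167,324 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\zguhjj.dll -- (hldwzr)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\Sarah_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {01737878-24AF-2BB9-1773-078C17DC29FA} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} http://www.miniclip.com/bestfriends/miniclipGameLoader.dll (Reg Error: Key error.)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

The heuristics are deliberately narrow; a real review still reads every SRV, O4 and O16 line, since a signed path or a well-known vendor name can be spoofed.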
 
#3 ·
Hi CatByte, thanks for your help, here is the OTL.txt file:

OTL logfile created on: 3/15/2010 10:08:48 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 271.00 Mb Available Physical Memory | 54.00% Memory free
455.00 Mb Paging File | 320.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 9.63 Gb Free Space | 12.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/03/14 18:07:42 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2010/02/17 07:44:12 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/03/21 10:06:58 | 000,167,324 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\zguhjj.dll -- (hldwzr)
SRV - [2009/01/08 04:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/07/07 19:31:23 | 000,126,976 | ---- | M] () [Auto] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (unbkfe)
DRV - File not found [Kernel | On_Demand] -- -- (sziyhpd)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (jynyq)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (dggcsds)
DRV - File not found [Kernel | On_Demand] -- -- (cjcmmnyn)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (cdiskdun)
DRV - [2010/03/14 18:08:00 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/14 18:07:47 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SymEFA.sys -- (SymEFA)
DRV - [2010/03/14 18:07:47 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/14 18:07:47 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/14 18:07:47 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/14 18:07:47 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/14 18:07:47 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/03/14 18:07:47 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/03/14 18:07:47 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/03/14 18:07:47 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/03/14 18:07:46 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\ccHPx86.sys -- (ccHP)
DRV - [2010/03/14 18:07:46 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/14 18:07:46 | 000,276,344 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/03/14 18:07:46 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0305020.00B\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/14 18:07:46 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys -- (EraserUtilDrv10910)
DRV - [2010/03/14 02:04:56 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100314.003\navex15.sys -- (NAVEX15)
DRV - [2010/03/14 02:04:56 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100314.003\naveng.sys -- (NAVENG)
DRV - [2010/02/28 20:09:42 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2010/02/17 07:44:20 | 000,108,904 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/02/17 07:44:20 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/01/08 04:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/28 19:53:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/08/28 19:53:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/02/22 10:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 10:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 10:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/01 23:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/01 23:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/08/30 13:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 13:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 13:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/01/13 04:28:02 | 000,039,040 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/12/25 15:38:43 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3)
DRV - [2004/04/28 12:10:22 | 000,616,124 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/04/10 04:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2004/02/24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/11/13 13:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 13:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 13:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/05 08:47:22 | 000,514,859 | ---- | M] (Digital Camera) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av)
DRV - [2003/05/14 12:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [1999/09/10 07:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/...o.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bernie_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
IE - HKU\Bernie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Bernie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\Bernie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Bernie_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Bernie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bernie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Guest_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Maria_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
IE - HKU\Maria_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Maria_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Sarah_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
IE - HKU\Sarah_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Sarah_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Sarah_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/21 20:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/15 16:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/15 16:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/02/15 16:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/02/15 16:29:43 | 000,000,000 | ---D | M]

[2010/03/14 18:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/30 08:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2005/04/03 21:45:48 | 000,074,000 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\cgpcore.dll
[2006/11/15 20:49:56 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2005/04/03 21:45:50 | 000,315,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npican.dll
[2003/08/04 18:19:02 | 000,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
[2005/04/03 21:45:50 | 000,028,944 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\pscript.dll
[2005/04/03 21:45:52 | 000,024,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\tcppserv.dll
[2009/10/14 10:55:43 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/10/14 10:55:43 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/10/14 10:55:43 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2007/03/26 19:21:22 | 000,009,216 | -HS- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Thumbs.db
[2009/10/14 10:55:43 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\QualityCodec\isaddon.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - No CLSID value found.
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E770AFA1-5066-01E2-6129-51EBB2570CAA} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Protection Bar) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Program Files\QualityCodec\iesplugin.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\Bernie_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\Bernie_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (no name) - {479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - No CLSID value found.
O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (Protection Bar) - {BF1CED2C-4B3F-4079-A330-864EDA5A4CFF} - C:\Program Files\QualityCodec\iesplugin.dll File not found
O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\Maria_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\Sarah_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\Sarah_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Sarah_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [Spyware Doctor] File not found
O4 - HKU\Bernie_ON_C..\Run: [MessengerPlus3] C:\Program Files\Messenger Plus! 3\MsgPlus.exe File not found
O4 - HKU\Bernie_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Bernie_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\Guest_ON_C..\Run: [MessengerPlus3] C:\Program Files\Messenger Plus! 3\MsgPlus.exe File not found
O4 - HKU\Guest_ON_C..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe File not found
O4 - HKU\John_ON_C..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\John_ON_C..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (Security essentials)
O4 - HKU\John_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\Maria_ON_C..\Run: [Body Idol] C:\DOCUME~1\Maria\APPLIC~1\DVDCHI~1\ByteDaleTeam.exe File not found
O4 - HKU\Maria_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
O4 - HKU\Sarah_ON_C..\Run: [MessengerPlus3] C:\Program Files\Messenger Plus! 3\MsgPlus.exe File not found
O4 - HKU\Sarah_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Sarah_ON_C..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe File not found
O4 - HKU\Sarah_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: dcomcfg.exe = dcomcfg.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: kernel32.dll = C:\WINDOWS\system32\atmclk.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: homepage.monitor.exe = C:\Program Files\iCodecPack\isamonitor.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: isamonitor.exe = C:\Program Files\QualityCodec\isamonitor.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: wininet.dll = regperf.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bernie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bernie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Bernie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Bernie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Maria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sarah_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maria\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01737878-24AF-2BB9-1773-078C17DC29FA} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {02DEADB5-F851-0825-8CB5-4FA05135195C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {05CC0EAF-17EF-2C4C-8766-543D7FBDA1ED} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {080E6237-3209-6AF9-338C-33F709C2A8F9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {0902A042-8646-6F04-0C21-0E655E5244B9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {0BFB46D1-F357-1BEA-E8E1-094A799244EF} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {0C22DD00-158C-71BC-C35A-0C9C3D8D2624} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {0D5383FB-DC8C-2150-357B-534159C19498} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {0F09E0EB-ABB1-3B39-571E-04AA0F43998B} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {0F6027BC-8B37-2217-4BD5-19C3109B9662} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {10F20A12-6976-454E-221C-20150F9667E8} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {11A83681-31B4-78CB-57DD-5E3D368E180E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {12A6721C-4143-5992-F870-4BD4274971FD} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {12F92A93-2AC1-6081-B501-1CD50EC1DCE2} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {131BE91B-4D2F-06C0-B653-15F92A57B72A} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {137ADE69-2CFE-27D6-3756-00C837513EBD} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {13F49F89-A8FD-3DA3-0C23-6F7724A5031E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {149C9D63-799E-350B-123A-5EEB400498E9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {196AC85D-802E-315D-824D-1BD40ACD4A06} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {19BAA907-C3DA-7AD0-11A0-4433163156E0} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {1CF5F6BD-2157-4CD5-18A2-50DD2CD29DFA} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {1D25F718-EE28-3C68-0822-04540BCE26F6} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {1EFBE8EA-20B6-059E-DA5B-1C7E7771B3D7} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {20A3D19A-904B-69CB-6B6B-04F90C342A35} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {23A18529-BD4A-4725-E086-690B05C5D3B3} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {24A70052-9816-3838-B9BF-6C43632E4508} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {25ACC39D-C2D8-6257-D2C8-790527E281D5} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {274B1E9C-F9F9-7684-40B4-6BD967ED9A4C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {280F6016-FA51-24CE-D841-1A891C455063} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} http://www.miniclip.com/bestfriends/miniclipGameLoader.dll (Reg Error: Key error.)
O16 - DPF: {2920919D-39E1-4043-D3FC-567D2B6223C0} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {29361693-5DC8-65E4-65A2-4136209ECC6E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {2A0ACDBD-EE29-5FDB-934C-69576821A4C4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {2D12ECAF-1539-6584-2C72-23B436BB235B} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {2DA1E157-FC32-6379-AB9E-1EDE776E5719} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {2DEB13E3-12E7-7989-DBF9-797743E239AC} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {315E5988-0301-2C99-291E-16E8124FA058} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {32005D91-C7AA-15A5-D667-6B1C466B931C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {322F1CCC-2589-6A88-BC4D-0AB063526394} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33B5A59A-6729-6CF8-A39E-12A675669EFF} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {3460ACDF-CDC2-693B-6A86-500C4DCFE89A} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {3496B885-C587-259C-A1F2-20627B1231C2} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {38652295-C919-7DDE-45D8-29AD3A265113} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {3AE7E781-F8F8-5668-208D-4C9954B75C6A} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {3EA85C6A-944C-4DCB-E1B0-29FC41F0E5FE} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4347E7ED-EC01-5C9E-4E6B-21B32FAEEB2E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {440A17A6-52F1-77EF-6629-74F64DA3AD7E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {4515443C-97B0-7059-11E9-06313B7802E4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {4518EDC9-5D59-662A-87A0-6B65571A2B65} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {452A6C8F-B535-1786-5501-4D9D0B464486} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {458D3DAE-4178-6E64-7AEC-766E63651A8E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {47CD4FB9-BE71-6D2A-30F4-74C964D8EEDD} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {47D671C0-51E7-672B-F1B7-751901E098EB} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {47FB36D8-F671-06B2-059F-29314E2BD662} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {4A33DA14-D088-4741-0124-07047812EA23} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {4A54389E-AB46-3A98-206E-0947445F1B80} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4EDAD03E-50D0-5A10-3A37-5EAB2F990705} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {52FA7AD6-9ACC-6196-074E-2486639CD15C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} http://216.87.37.188/app/FXCtrl.cab (Reg Error: Key error.)
O16 - DPF: {55C09C5F-610A-274C-B680-555E2B8CFE20} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {564FAEFA-1A8E-4B49-E7E5-16CD01956F79} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {569C2475-74CC-7562-E124-783162CCAA82} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {5817A910-70EE-229D-6BB7-18905B70CE8D} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {5898DA4C-C116-01D8-94F7-036029558120} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {58A9A0FA-6C0F-6BC0-9D2E-20D411EEFD0B} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {590C266D-D429-5C0C-B1C6-21895A71E8C3} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {5A2E44A7-AA26-19FF-2E6E-3DAE4636B531} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {5B5E4C52-2825-5E00-0C8C-7D2805407F95} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {5E3BB556-C3C3-7B99-CF38-030129781CB4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {605F3882-E0E7-0054-BA36-4CEA704405D9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {60FDEA47-5B63-0A3D-D0D9-496655DCF586} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {6262EF62-2FFB-7E9B-33B2-27DB356C5D83} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {62B008C0-A991-268E-2028-1B58147D28D6} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {63845A94-A548-714A-7651-0F7631DE07F4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {6546E420-7A81-561A-4959-149500DCF7BF} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {655F0739-DC03-4D53-7EBB-1466213C556E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {666D8850-8A59-5D12-B37C-15432637A470} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {67A13961-0CB6-72F7-BCD9-57C55A836516} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {684DA7B8-043D-4D50-402F-06315E33AC5E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {6CCDF3D6-1F67-50C2-FFAD-68255B7CF383} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {6CD4AB92-44F2-7F78-9C64-485356730653} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {6E33BB10-D092-61BB-E809-1C2660F72D96} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {6FB76065-C8F9-580B-D18B-43CA47D96985} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {70A827CE-B36C-7247-A99A-4A3F71CA4974} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {71697F5E-F9DA-44FF-DBCF-623706D91A82} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {75609AE8-12C7-268A-B08B-6F5D2CC408E5} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {76EC8A28-306D-59A7-EF8C-58F53BF88E66} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {76F8F989-C5DB-4874-23BC-28B76C6982FE} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {783DAE0B-7CA2-0F28-D656-0C6A2541E5E7} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {794D77C2-948C-728F-13EC-068C158DC18F} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {7BB883DC-53CA-39B8-A9D1-05596F47FDF5} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {7E9F553C-280B-4E6B-FEB7-79D008B345AA} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {7F98FEEC-9271-4BF5-D005-7A41249CC9CC} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} http://207.226.177.98/gba2218.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - CLSID or File not found.
O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - C:\WINDOWS\System32\oqabf.dll File not found
O22 - SharedTaskScheduler: {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - bonspells - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {4d993022-0899-4599-b4b6-0f887d0802e6} - considerateness - C:\WINDOWS\System32\oqabf.dll File not found
O22 - SharedTaskScheduler: {62eb0924-19d2-4226-b4b9-8ad1f70904c1} - bronchovascular - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/01 04:20:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 18:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Symantec
[2010/03/14 18:08:05 | 000,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/03/14 18:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/14 18:08:00 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/14 18:08:00 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/14 18:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/14 18:07:47 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2010/03/14 18:07:47 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2010/03/14 18:07:47 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2010/03/14 18:07:47 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2010/03/14 18:07:47 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2010/03/14 18:07:47 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2010/03/14 18:07:47 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2010/03/14 18:07:47 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2010/03/14 18:07:46 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2010/03/14 18:07:46 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2010/03/14 18:05:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/03/14 18:05:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
[2010/03/14 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/03/14 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
[2010/03/14 17:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/03/07 19:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Recipes
[2010/03/03 16:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\New Folder
[2010/02/28 20:09:42 | 000,390,528 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportBuka.sys
[2010/02/24 19:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Tracing
[2010/02/22 19:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/02/22 19:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/02/21 21:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\SkypeCap
[2010/02/21 21:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\SkypeCap
[2010/02/21 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GeoVid
[2010/02/21 21:46:40 | 001,712,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010/02/21 21:46:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsetup.dll
[2010/02/21 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\SkypeCap
[2010/02/20 20:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Papers
[2010/02/15 16:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/15 16:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/15 16:15:40 | 002,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/02/15 16:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/02/15 16:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[5 C:\Documents and Settings\Sarah\My Documents\*.tmp files -> C:\Documents and Settings\Sarah\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/14 18:08:51 | 000,670,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2010/03/14 18:08:49 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/14 18:08:00 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/14 18:08:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/14 18:08:00 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/14 18:08:00 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/14 18:07:47 | 000,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2010/03/14 18:07:47 | 000,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2010/03/14 18:07:47 | 000,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2010/03/14 18:07:47 | 000,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2010/03/14 18:07:47 | 000,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2010/03/14 18:07:47 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2010/03/14 18:07:47 | 000,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/03/14 18:07:47 | 000,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2010/03/14 18:07:47 | 000,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2010/03/14 18:07:46 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2010/03/14 18:07:46 | 000,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2010/03/14 18:07:28 | 000,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/03/14 18:06:59 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2010/03/14 18:06:59 | 000,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2010/03/14 18:06:59 | 000,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010/03/14 18:06:59 | 000,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2010/03/14 18:06:59 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2010/03/14 18:06:59 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2010/03/14 18:06:59 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2010/03/14 18:06:59 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2010/03/14 18:05:50 | 000,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2010/03/14 18:05:50 | 000,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2010/03/14 18:05:50 | 000,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2010/03/14 18:05:50 | 000,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2010/03/14 18:05:50 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2010/03/14 18:05:50 | 000,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2010/03/14 18:05:50 | 000,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2010/03/14 18:05:43 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Security essentials 2010.lnk
[2010/03/14 18:05:28 | 000,041,984 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll
[2010/03/14 18:04:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 18:03:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 18:03:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 18:03:35 | 527,486,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 18:02:59 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/03/14 18:02:52 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/03/14 18:02:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/03/14 18:02:46 | 003,776,124 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2010/03/14 18:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\ACEAAC1591855E3D.job
[2010/03/14 18:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\A2914D849186CAF8.job
[2010/03/14 18:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\AD03D58291844FFA.job
[2010/03/11 08:04:57 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Bernie\ntuser.dat
[2010/03/11 08:04:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bernie\ntuser.ini
[2010/03/11 07:51:55 | 000,036,384 | ---- | M] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/10 22:24:51 | 000,000,950 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/10 22:24:51 | 000,000,644 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/10 22:24:51 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/10 22:17:07 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/03/10 22:17:07 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/03/08 19:51:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Microsoft Office Word 2003.lnk
[2010/03/08 18:42:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/06 22:17:51 | 000,613,538 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Notch1 bicuspid valve primers.pdf
[2010/03/06 22:17:51 | 000,613,538 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Notch1 bicuspid valve primers.pdf
[2010/03/05 19:53:56 | 000,028,824 | ---- | M] () -- C:\img2-001.raw
[2010/02/28 20:09:42 | 000,390,528 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportBuka.sys
[2010/02/24 18:28:07 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/22 19:47:45 | 000,036,384 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 19:21:10 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\John\My Documents\My Sharing Folders.lnk
[2010/02/21 21:57:59 | 000,168,448 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 21:46:44 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\John\Desktop\SkypeCap.lnk
[2010/02/15 16:58:57 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\John\Desktop\CV1.doc
[5 C:\Documents and Settings\Sarah\My Documents\*.tmp files -> C:\Documents and Settings\Sarah\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 18:08:32 | 000,670,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2010/03/14 18:08:00 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/14 18:08:00 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/14 18:06:59 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2010/03/14 18:06:59 | 000,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2010/03/14 18:06:59 | 000,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2010/03/14 18:06:59 | 000,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2010/03/14 18:06:59 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2010/03/14 18:06:59 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2010/03/14 18:06:59 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2010/03/14 18:06:59 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2010/03/14 18:05:50 | 000,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2010/03/14 18:05:50 | 000,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2010/03/14 18:05:50 | 000,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2010/03/14 18:05:50 | 000,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2010/03/14 18:05:50 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2010/03/14 18:05:50 | 000,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2010/03/14 18:05:50 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2010/03/14 18:05:42 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Security essentials 2010.lnk
[2010/03/11 07:49:52 | 527,486,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/10 22:20:34 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\helpers32.dll
[2010/03/10 22:17:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/03/10 22:17:51 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/03/06 22:27:38 | 000,613,538 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Notch1 bicuspid valve primers.pdf
[2010/03/06 22:17:50 | 000,613,538 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Notch1 bicuspid valve primers.pdf
[2010/02/21 21:46:44 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\John\Desktop\SkypeCap.lnk
[2010/02/21 21:46:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/21 21:46:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/21 21:46:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/02/15 16:58:57 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\John\Desktop\CV1.doc
[2009/06/23 16:42:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/06/23 16:42:59 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/06/23 16:41:01 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John\Application Data\$_hpcst$.hpc
[2009/02/01 21:45:25 | 000,102,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/12/12 21:59:57 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/10/25 12:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/07/21 19:15:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/05/09 19:47:15 | 000,000,455 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/24 18:18:58 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/21 15:26:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/21 15:20:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2006/11/19 11:07:34 | 000,000,271 | ---- | C] () -- C:\WINDOWS\FT3.ini
[2006/10/19 16:53:35 | 000,000,964 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/09/27 10:05:44 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/09/27 10:04:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/08/26 18:52:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.John.ini
[2005/08/24 11:59:12 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/07/07 19:31:23 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
[2005/05/16 19:43:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dll536.dll
[2005/05/16 19:43:59 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\dext536.ini
[2005/05/16 15:15:25 | 000,292,864 | ---- | C] () -- C:\WINDOWS\System32\Univ32.dll
[2005/05/16 15:15:22 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2005/05/16 15:15:21 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2005/05/16 15:15:21 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\LeadPlus.dll
[2005/05/16 15:15:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Categories.dll
[2005/03/21 16:09:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/13 12:43:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/29 14:49:42 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Maria\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/16 19:13:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/05 12:57:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/12/25 15:38:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2004/12/25 09:22:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/12/18 01:29:44 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/04 14:16:55 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004/11/17 09:25:27 | 000,168,448 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/08 15:56:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC46Euro.ini
[2004/11/07 14:07:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/10/01 04:57:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/01 04:35:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/01 04:30:47 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/10/01 04:24:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/01 04:24:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/01 04:24:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/01 04:24:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/01 04:24:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/01 04:24:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/01 04:23:39 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/01 04:23:34 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/01 04:18:04 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/01 02:52:07 | 000,167,324 | RHS- | C] () -- C:\WINDOWS\System32\zguhjj.dll
[2004/10/01 02:46:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/09/16 09:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 09:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/09 20:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/09 20:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2004/10/26 19:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Template
[2005/01/20 13:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Thunderbird
[2009/12/19 23:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Trusteer
[2004/10/26 19:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Template
[2004/12/25 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Atari
[2006/12/19 22:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\BitTorrent
[2007/01/28 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\EPSON
[2006/09/25 12:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ICAClient
[2004/11/17 09:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\InterVideo
[2005/03/12 18:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\KeySafe
[2005/05/03 15:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Leadertech
[2008/04/27 16:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\LG Electronics
[2009/04/12 11:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\LimeWire
[2005/03/12 18:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\My-disgo
[2009/06/23 16:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Samsung
[2007/03/19 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Screenshot Sender
[2010/03/08 18:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Spotify
[2004/10/26 18:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Template
[2005/01/08 11:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Thunderbird
[2009/11/08 08:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Trusteer
[2005/12/05 13:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Uploadthis
[2006/12/28 13:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\uTorrent
[2006/09/20 08:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Windows Live Safety Center
[2005/10/19 16:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\dvd chic
[2004/12/25 11:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Atari
[2007/01/23 13:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\ConvertTemp
[2005/10/19 16:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\dvd chic
[2006/09/26 18:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\ICAClient
[2007/01/23 14:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\IMVU
[2004/11/07 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\InterVideo
[2005/01/03 17:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Kazaa Lite
[2005/04/25 14:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Leadertech
[2007/01/23 13:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Samsung
[2004/11/08 17:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Template
[2007/01/23 13:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Temporary
[2005/01/10 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Thunderbird
[2007/01/23 13:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\TransRender
[2009/11/09 06:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Trusteer
[2005/12/05 13:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria\Application Data\Uploadthis
[2009/11/08 18:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2004/12/25 14:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Atari
[2006/12/31 11:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\ConvertTemp
[2005/10/20 11:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\dvd chic
[2006/12/28 18:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\EPSON
[2004/11/08 17:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\InterVideo
[2005/06/23 15:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Leadertech
[2007/09/16 08:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\LimeWire
[2006/12/31 11:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Samsung
[2004/10/26 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Template
[2006/12/31 11:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Temporary
[2005/01/09 10:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Thunderbird
[2006/12/31 11:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\TransRender
[2005/10/26 18:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Uploadthis
[2010/03/14 18:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\A2914D849186CAF8.job
[2010/03/14 18:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\ACEAAC1591855E3D.job
[2010/03/14 18:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\AD03D58291844FFA.job

========== Purity Check ==========


< End of report >
 
#4 ·
Hi,

Please do the following:


Boot back into OTLPE


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    SRV - [2009/03/21 10:58 | 000,167,324 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\zguhjj.dll -- (hldwzr)
    DRV - File not found [Kernel | On_Demand] -- -- (unbkfe)
    DRV - File not found [Kernel | On_Demand] -- -- (sziyhpd)
    DRV - File not found [Kernel | On_Demand] -- -- (jynyq)
    DRV - File not found [Kernel | On_Demand] -- -- (dggcsds)
    DRV - File not found [Kernel | On_Demand] -- -- (cjcmmnyn)
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKU\Bernie_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKU\John_ON_C..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKU\John_ON_C..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe (Security essentials)
    O4 - HKU\Maria_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
    O7 - HKU\Bernie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O16 - DPF: {01737878-24AF-2BB9-1773-078C17DC29FA} http://85.255.113.214/1/gdnFR2218.exe  (Reg Error: Key error.)
    O16 - DPF: {02DEADB5-F851-0825-8CB5-4FA05135195C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {05CC0EAF-17EF-2C4C-8766-543D7FBDA1ED} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {080E6237-3209-6AF9-338C-33F709C2A8F9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {0902A042-8646-6F04-0C21-0E655E5244B9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {0BFB46D1-F357-1BEA-E8E1-094A799244EF} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {0C22DD00-158C-71BC-C35A-0C9C3D8D2624} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {0D5383FB-DC8C-2150-357B-534159C19498} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {0F09E0EB-ABB1-3B39-571E-04AA0F43998B} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {0F6027BC-8B37-2217-4BD5-19C3109B9662} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {10F20A12-6976-454E-221C-20150F9667E8} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {11A83681-31B4-78CB-57DD-5E3D368E180E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {12A6721C-4143-5992-F870-4BD4274971FD} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {12F92A93-2AC1-6081-B501-1CD50EC1DCE2} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {131BE91B-4D2F-06C0-B653-15F92A57B72A} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {137ADE69-2CFE-27D6-3756-00C837513EBD} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {13F49F89-A8FD-3DA3-0C23-6F7724A5031E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {149C9D63-799E-350B-123A-5EEB400498E9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {196AC85D-802E-315D-824D-1BD40ACD4A06} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {19BAA907-C3DA-7AD0-11A0-4433163156E0} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {1CF5F6BD-2157-4CD5-18A2-50DD2CD29DFA} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {1D25F718-EE28-3C68-0822-04540BCE26F6} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {1EFBE8EA-20B6-059E-DA5B-1C7E7771B3D7} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {20A3D19A-904B-69CB-6B6B-04F90C342A35} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {23A18529-BD4A-4725-E086-690B05C5D3B3} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {24A70052-9816-3838-B9BF-6C43632E4508} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {25ACC39D-C2D8-6257-D2C8-790527E281D5} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {274B1E9C-F9F9-7684-40B4-6BD967ED9A4C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {280F6016-FA51-24CE-D841-1A891C455063} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {2920919D-39E1-4043-D3FC-567D2B6223C0} http://85.255.113.214/1/gdnFR2218.exe  (Reg Error: Key error.)
    O16 - DPF: {29361693-5DC8-65E4-65A2-4136209ECC6E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {2A0ACDBD-EE29-5FDB-934C-69576821A4C4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {2D12ECAF-1539-6584-2C72-23B436BB235B} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {2DA1E157-FC32-6379-AB9E-1EDE776E5719} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {2DEB13E3-12E7-7989-DBF9-797743E239AC} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {315E5988-0301-2C99-291E-16E8124FA058} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {32005D91-C7AA-15A5-D667-6B1C466B931C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {322F1CCC-2589-6A88-BC4D-0AB063526394} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {33B5A59A-6729-6CF8-A39E-12A675669EFF} http://85.255.113.214/1/gdnFR2218.exe  (Reg Error: Key error.)
    O16 - DPF: {3460ACDF-CDC2-693B-6A86-500C4DCFE89A} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {3496B885-C587-259C-A1F2-20627B1231C2} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {38652295-C919-7DDE-45D8-29AD3A265113} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {3AE7E781-F8F8-5668-208D-4C9954B75C6A} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {3EA85C6A-944C-4DCB-E1B0-29FC41F0E5FE} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {4347E7ED-EC01-5C9E-4E6B-21B32FAEEB2E} http://85.255.113.214/1/gdnFR2218.exe  (Reg Error: Key error.)
    O16 - DPF: {440A17A6-52F1-77EF-6629-74F64DA3AD7E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {4515443C-97B0-7059-11E9-06313B7802E4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {4518EDC9-5D59-662A-87A0-6B65571A2B65} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {452A6C8F-B535-1786-5501-4D9D0B464486} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {458D3DAE-4178-6E64-7AEC-766E63651A8E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {47CD4FB9-BE71-6D2A-30F4-74C964D8EEDD} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {47D671C0-51E7-672B-F1B7-751901E098EB} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {47FB36D8-F671-06B2-059F-29314E2BD662} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {4A33DA14-D088-4741-0124-07047812EA23} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {4A54389E-AB46-3A98-206E-0947445F1B80} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {4EDAD03E-50D0-5A10-3A37-5EAB2F990705} http://85.255.113.214/1/gdnFR2218.exe  (Reg Error: Key error.)
    O16 - DPF: {52FA7AD6-9ACC-6196-074E-2486639CD15C} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {55C09C5F-610A-274C-B680-555E2B8CFE20} http://85.255.113.214/1/gdnFR2218.exe  (Reg Error: Key error.)
    O16 - DPF: {564FAEFA-1A8E-4B49-E7E5-16CD01956F79} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {569C2475-74CC-7562-E124-783162CCAA82} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {5817A910-70EE-229D-6BB7-18905B70CE8D} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {5898DA4C-C116-01D8-94F7-036029558120} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {58A9A0FA-6C0F-6BC0-9D2E-20D411EEFD0B} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {590C266D-D429-5C0C-B1C6-21895A71E8C3} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {5A2E44A7-AA26-19FF-2E6E-3DAE4636B531} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {5B5E4C52-2825-5E00-0C8C-7D2805407F95} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {5E3BB556-C3C3-7B99-CF38-030129781CB4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {605F3882-E0E7-0054-BA36-4CEA704405D9} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {60FDEA47-5B63-0A3D-D0D9-496655DCF586} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {6262EF62-2FFB-7E9B-33B2-27DB356C5D83} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {62B008C0-A991-268E-2028-1B58147D28D6} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {63845A94-A548-714A-7651-0F7631DE07F4} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {6546E420-7A81-561A-4959-149500DCF7BF} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {655F0739-DC03-4D53-7EBB-1466213C556E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {666D8850-8A59-5D12-B37C-15432637A470} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {67A13961-0CB6-72F7-BCD9-57C55A836516} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {684DA7B8-043D-4D50-402F-06315E33AC5E} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {6CCDF3D6-1F67-50C2-FFAD-68255B7CF383} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {6CD4AB92-44F2-7F78-9C64-485356730653} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {6E33BB10-D092-61BB-E809-1C2660F72D96} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {6FB76065-C8F9-580B-D18B-43CA47D96985} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {70A827CE-B36C-7247-A99A-4A3F71CA4974} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {71697F5E-F9DA-44FF-DBCF-623706D91A82} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {75609AE8-12C7-268A-B08B-6F5D2CC408E5} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {76EC8A28-306D-59A7-EF8C-58F53BF88E66} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {76F8F989-C5DB-4874-23BC-28B76C6982FE} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {783DAE0B-7CA2-0F28-D656-0C6A2541E5E7} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {794D77C2-948C-728F-13EC-068C158DC18F} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {7BB883DC-53CA-39B8-A9D1-05596F47FDF5} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {7E9F553C-280B-4E6B-FEB7-79D008B345AA} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O16 - DPF: {7F98FEEC-9271-4BF5-D005-7A41249CC9CC} http://85.255.113.214/1/gdnFR2218.exe (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
    O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - CLSID or File not found.
    O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - C:\WINDOWS\System32\oqabf.dll File not found
    O22 - SharedTaskScheduler: {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - bonspells - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {4d993022-0899-4599-b4b6-0f887d0802e6} - considerateness - C:\WINDOWS\System32\oqabf.dll File not found
    O22 - SharedTaskScheduler: {62eb0924-19d2-4226-b4b9-8ad1f70904c1} - bronchovascular - Reg Error: Key error. File not found
    [2010/03/14 18:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
    [2010/03/14 18:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\ACEAAC1591855E3D.job
    [2010/03/14 18:00:00 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\A2914D849186CAF8.job
    [2010/03/14 18:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\AD03D58291844FFA.job
    [2010/03/10 22:17:07 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
    [2010/03/10 22:17:07 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
    [2010/03/10 22:20:34 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\helpers32.dll
    [2004/10/01 02:52:07 | 000,167,324 | RHS- | C] () -- C:\WINDOWS\System32\zguhjj.dll
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoSetActiveDesktop"=-
    "NoActiveDesktopChanges"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoSetActiveDesktop"=-
    "NoActiveDesktopChanges"=-
    
    :Files
    C:\WINDOWS\system32\drivers\atapi.sys | C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

If you do not have internet access in the OTLPE Environment, then save this fix onto a USB stick and run from there:

Do the following:

Save the file as fix.txt onto your USB
  • Click the red Run Fix button.
  • You should be presented with a message "No Fix has been Provided! Do you want to load it from a file?" Click Yes.
  • Browse to the fix.txt file on your USB stick, and click Open. The fix will then appear in the Custom Scans/Fixes window.
  • Click the red Run Fix button again.


Once the fix is completed, you should now be able to boot back into normal mode:



Once in normal mode do the following:





Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
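The fix above targets a recognisable set of indicators from the OTL scan: a hidden+system DLL in System32 with no publisher loaded as an auto-start service, orphaned driver entries ("File not found"), Run keys launching smss32.exe (a look-alike of the real smss.exe, which Windows starts itself rather than through a Run key), a DisableTaskMgr policy, dozens of DPF entries pulling an .exe from an IP-literal URL, and a Winlogon UserInit value redirected to winlogon32.exe. As an added example (not part of this thread and not OTL's own code), the Python script below parses lines in OTL's format and flags those patterns. The sample lines are constructed, the rule names and the look-alike heuristic (a core Windows process name followed by digits) are my own assumptions, and the DPF URL uses a reserved documentation address rather than the real one quoted in the fix.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's line format (not a real scan log). The entries mirror the
# kinds of items the fix removes, plus two clean lines to show what is not flagged.
SAMPLE_OTL_LINES = r"""
SRV - [2009/03/21 10:58 | 000,167,324 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\zguhjj.dll -- (hldwzr)
SRV - [2008/04/14 00:12 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\svchost.exe -- (Dhcp)
DRV - File not found [Kernel | On_Demand] -- -- (unbkfe)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O16 - DPF: {01737878-24AF-2BB9-1773-078C17DC29FA} http://203.0.113.10/1/dropper.exe (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# OTL's "[date time | size | attrs | flag] (vendor)" metadata block on SRV/DRV lines.
META_RE = re.compile(
    r"\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|\]]+?)\s*\|\s*(?P<flag>[A-Z])\s*\]"
    r"\s*\((?P<vendor>[^)]*)\)"
)
RUN_RE = re.compile(r"O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<path>.+?)\s+\((?P<vendor>[^)]*)\)\s*$")
DPF_RE = re.compile(r"O16 - DPF: \{[0-9A-Fa-f-]+\}\s+(?P<url>\S+)")
WINLOGON_UI_RE = re.compile(r"O20 - HKLM Winlogon: UserInit - \((?P<path>[^)]*)\)")
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}/")
# Heuristic (my assumption): core system process name plus a numeric suffix, e.g. smss32.
# These processes are started by the system itself, never from a Run key.
LOOKALIKE_RE = re.compile(r"^(?:smss|csrss|winlogon|lsass|services|svchost)\d+$")
# The only value UserInit should carry on a default XP install (case-insensitive compare).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass
class Finding:
    rule: str
    severity: str
    line: str


def analyse_otl(text: str) -> List[Finding]:
    """Run the detection rules over OTL-format lines and return every hit."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" - ", 1)[0]
        if tag in ("SRV", "DRV"):
            if "File not found" in line:
                # Registration survives but the image is gone: leftover of a removed component.
                findings.append(Finding("orphaned-driver-or-service", "low", line))
                continue
            m = META_RE.search(line)
            # Hidden + system attributes on an unsigned, vendor-less image is a classic hiding trick.
            if m and "H" in m["attrs"] and "S" in m["attrs"] and not m["vendor"]:
                findings.append(Finding("hidden-system-unsigned-image", "high", line))
        elif tag == "O4":
            m = RUN_RE.match(line)
            if not m:
                continue
            stem = m["path"].rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
            if LOOKALIKE_RE.match(stem):
                findings.append(Finding("core-process-lookalike-run-entry", "high", line))
            elif not m["vendor"] and "\\system32\\" in m["path"].lower():
                findings.append(Finding("unsigned-run-entry-in-system32", "medium", line))
        elif tag == "O7":
            if re.search(r"DisableTaskMgr\s*=\s*1", line):
                findings.append(Finding("task-manager-disabled-policy", "medium", line))
        elif tag == "O16":
            m = DPF_RE.match(line)
            # A DPF entry fetching an executable from a bare IP address, not a vendor CDN.
            if m and IP_URL_RE.match(m["url"]) and m["url"].lower().endswith(".exe"):
                findings.append(Finding("dpf-exe-from-ip-literal", "high", line))
        elif tag == "O20":
            m = WINLOGON_UI_RE.match(line)
            if m and m["path"].rstrip(", ").lower() != EXPECTED_USERINIT:
                findings.append(Finding("winlogon-userinit-hijack", "critical", line))
    return findings


if __name__ == "__main__":
    for f in analyse_otl(SAMPLE_OTL_LINES):
        print(f"[{f.severity:<8}] {f.rule}: {f.line}")
```

Run against the sample it reports six findings and stays silent on the genuine svchost service, the vendor-signed SoundMan Run entry and the clean UserInit value. The UserInit check is the one to get right first: a wrong value there is exactly why the machine in this thread could not complete a normal logon.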
 
#5 ·
Hi CatByte,

I have pasted the code above into the OTLP custom scans/fixes box and clicked Run Fix. It seems to go OK until it reaches the point "Emptying temp folders. DO NOT INTERRUPT" and then it seems to freeze. I left it running overnight without interrupting it but it hadn't changed by the morning. So I tried to do it again, but it seems to have frozen at the "Emptying temp folders" bit again.

Am I doing something wrong?
 
#6 ·
Hi,

No, I doubt you are doing anything incorrectly; your machine is heavily infected.

Have you tried booting normally?

What happens now when you try and boot normally?

If you cannot boot normally still, boot back into OTLPE and run a regular scan with OTL as per the first set of instructions and post the new log.
 
#7 ·
When I try and boot normally I still get the same result as before... the black screen with options of safe mode etc. When I choose an option the computer restarts itself and the same thing happens again. I will run another scan and post it here. Do you think my files are in danger?

Thanks
 
#9 ·
Hi CatByte,

I managed to get my system to boot normally and it seemed to be running fine. I downloaded and ran ComboFix, which was scanning for malware (think it got to point 48 or 49) when the computer restarted itself suddenly. When I went back into my desktop I received a couple of error messages saying something along the lines of there being a critical problem and would I like to send an error report - which I declined. I had a look in my C: drive for the ComboFix.txt file but it wasn't there... so I presume something went wrong with the malware scan?

I haven't tried it again in accordance with your message above.
 
#10 ·
Ok,

good,

glad the machine is booting normally now (what did you do?)

Please delete the copy of combofix that you have on your desktop and download a fresh copy,

make sure all your security programs are disabled and all other windows closed, then allow combofix to run uninterrupted.

If it still will not run to completion, try running it in safe mode.

If combofix reboots itself, make sure you boot back into safe mode so it can complete a log.
 
#13 ·
Does it make a difference where the file is located? I found it in C:\ComboFix\Combofix.txt, not C:\ComboFix.txt. This is the whole text in the ComboFix.txt file:

ComboFix 10-03-19.08 - John 20/03/2010 12:13:18.3.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.361 [GMT 0:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\John\Desktop\Security essentials 2010.lnk
C:\Documents and Settings\John\Favorites\Online Security Test.url
C:\Documents and Settings\John\Start Menu\Security essentials 2010.lnk
C:\Documents and Settings\Sarah\Desktop\Download programs.url
C:\Documents and Settings\Sarah\Desktop\Games.url
C:\Documents and Settings\Sarah\Desktop\Translator.url
C:\Documents and Settings\Sarah\Desktop\Videos.url
C:\Documents and Settings\Sarah\Favorites\Download programs.url
C:\Documents and Settings\Sarah\Favorites\Games.url
C:\Documents and Settings\Sarah\Favorites\Translator.url
C:\Documents and Settings\Sarah\Favorites\Videos.url
C:\Documents and Settings\Sarah\Start Menu\Programs\Download programs.url
C:\Documents and Settings\Sarah\Start Menu\Programs\Games.url
C:\Documents and Settings\Sarah\Start Menu\Programs\Translator.url
C:\Documents and Settings\Sarah\Start Menu\Programs\Videos.url
C:\Program Files\qualitycodec
C:\WINDOWS\run.log
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_KID_S_OBJECTS.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_LABORATORY_EQUIPMENT.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_OUTDOORS.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SCHOOL.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SCHOOL_DAYS.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SCHOOL_KIDS.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS___LEISURE.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS_ACCESSORIES.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS_AND_LEISURE.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS_CARTOON.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS_CARTOONS.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS_EQUIPMENT.ch
C:\WINDOWS\system32\Cache\86E03B0D\CLIPART_SPORTS_KIDS.ch
C:\WINDOWS\system32\Cache\B0F63F25\Documents and Settings_John_Desktop.ch
C:\WINDOWS\system32\Cache\F6F5A901\CLIPART_Children Activities.ch
C:\WINDOWS\system32\search.dll
C:\WINDOWS\system32\STEC3.sys
C:\WINDOWS\system32\zip32.dll

-- Previous Run --

Infected copy of C:\WINDOWS\system32\userinit.exe was found and disinfected
Restored copy from - C:\WINDOWS\ServicePackFiles\i386\userinit.exe

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STEC3
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-17 08:00:48 . 2010-03-17 08:00:48 -------- d-----w- C:\_OTL
2010-03-14 22:08:05 . 2010-03-14 22:07:47 36400 ----a-r- C:\WINDOWS\system32\drivers\SymIM.sys
2010-03-14 22:08:00 . 2010-03-14 22:08:01 -------- d-----w- C:\Program Files\Symantec
2010-03-14 22:08:00 . 2010-03-14 22:08:00 60808 ----a-w- C:\WINDOWS\system32\S32EVNT1.DLL
2010-03-14 22:08:00 . 2010-03-14 22:08:00 124976 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2010-03-14 22:05:50 . 2010-03-20 11:07:44 -------- d-----w- C:\WINDOWS\system32\drivers\N360
2010-03-14 22:05:44 . 2010-03-14 22:06:59 -------- d-----w- C:\Program Files\Norton 360
2010-03-14 21:53:28 . 2010-03-14 21:53:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PCSettings
2010-03-14 21:53:23 . 2010-03-14 21:53:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2010-03-14 21:51:45 . 2010-03-14 22:05:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-03-14 21:51:45 . 2010-03-14 21:51:45 -------- d-----w- C:\Program Files\NortonInstaller
2010-03-01 00:09:42 . 2010-03-01 00:09:42 390528 ----a-w- C:\WINDOWS\system32\drivers\RapportBuka.sys
2010-02-24 23:07:02 . 2010-03-20 12:35:31 -------- d-----w- C:\Documents and Settings\John\Tracing
2010-02-22 23:02:12 . 2010-02-22 23:02:12 -------- d-----w- C:\Program Files\Microsoft
2010-02-22 23:01:24 . 2010-02-22 23:01:24 -------- d-----w- C:\Program Files\Windows Live SkyDrive
2010-02-22 01:53:10 . 2010-02-22 01:53:10 -------- d-----w- C:\Documents and Settings\John\Application Data\SkypeCap
2010-02-22 01:46:42 . 2010-02-22 01:46:42 -------- d-----w- C:\Program Files\Common Files\GeoVid
2010-02-22 01:46:41 . 2010-02-22 01:46:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\GeoVid
2010-02-22 01:46:41 . 2007-06-28 19:54:10 180224 ----a-w- C:\WINDOWS\system32\xvidvfw.dll
2010-02-22 01:46:41 . 2007-06-28 19:52:18 765952 ----a-w- C:\WINDOWS\system32\xvidcore.dll
2010-02-22 01:46:40 . 2004-08-18 16:00:00 1712128 ----a-w- C:\WINDOWS\system32\gdiplus.dll
2010-02-22 01:46:39 . 2005-06-07 16:11:02 60416 ----a-w- C:\WINDOWS\system32\dsetup.dll
2010-02-22 01:46:37 . 2010-02-22 01:46:37 -------- d-----w- C:\Program Files\SkypeCap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 00:20:30 . 2008-10-19 17:54:03 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2010-03-14 22:27:06 . 2008-10-19 17:51:40 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-03-14 22:08:00 . 2010-03-14 22:08:00 806 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.INF
2010-03-14 22:08:00 . 2010-03-14 22:08:00 7456 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2010-03-14 22:07:46 . 2008-01-29 11:01:28 26600 ----a-r- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-03-14 22:07:28 . 2008-01-29 11:02:30 107368 ----a-r- C:\WINDOWS\system32\GEARAspi.dll
2010-03-14 22:00:48 . 2008-10-15 21:16:15 -------- d-----w- C:\Documents and Settings\John\Application Data\Symantec
2010-03-11 11:51:55 . 2004-11-08 20:54:56 36384 ----a-w- C:\Documents and Settings\Bernie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 01:19:58 . 2007-07-01 18:40:34 -------- d-----w- C:\Documents and Settings\John\Application Data\Skype
2010-03-08 22:23:27 . 2009-07-21 23:36:22 -------- d-----w- C:\Documents and Settings\John\Application Data\Spotify
2010-02-25 22:40:20 . 2004-12-31 01:20:33 -------- d-----w- C:\Program Files\Messenger Plus! 3
2010-02-25 00:50:47 . 2004-11-23 12:06:35 -------- d-----w- C:\Program Files\EA SPORTS
2010-02-25 00:50:39 . 2004-10-01 08:24:54 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-25 00:45:12 . 2006-04-14 17:24:28 -------- d-----w- C:\Program Files\LimeWire
2010-02-22 23:47:45 . 2004-10-26 22:42:51 36384 ----a-w- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-22 23:00:40 . 2007-06-10 22:40:22 -------- d-----w- C:\Program Files\Windows Live
2010-02-15 22:35:21 . 2004-12-25 20:20:16 -------- d-----w- C:\Documents and Settings\John\Application Data\Apple Computer
2010-02-15 20:55:18 . 2007-12-02 19:14:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2010-02-15 20:36:04 . 2010-02-15 20:33:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-15 20:36:04 . 2007-12-30 17:34:29 -------- d-----w- C:\Program Files\iTunes
2010-02-15 20:34:29 . 2010-02-15 20:34:28 -------- d-----w- C:\Program Files\iPod
2010-02-15 20:34:22 . 2009-01-07 19:53:56 -------- d-----w- C:\Program Files\Common Files\Apple
2010-02-15 20:29:41 . 2010-02-15 20:28:21 -------- d-----w- C:\Program Files\QuickTime
2010-02-15 20:08:35 . 2010-02-15 20:08:20 -------- d-----w- C:\Program Files\Safari
2010-02-15 20:04:29 . 2010-02-15 20:04:29 -------- d-----w- C:\Program Files\Bonjour
2010-02-10 22:13:06 . 2010-02-10 22:13:05 -------- d-----w- C:\Program Files\Common Files\Windows Live
2010-02-09 10:19:34 . 2007-11-03 23:29:03 -------- d-----w- C:\Documents and Settings\John\Application Data\MSN6
2008-06-30 12:44:08 . 2008-10-19 20:05:44 324976 ----a-w- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
2005-04-04 01:45:48 . 2006-09-25 16:38:55 24848 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2005-04-04 01:45:48 . 2006-09-25 16:38:55 74000 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcore.dll
2005-04-04 01:45:50 . 2006-09-25 16:38:55 45328 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2005-04-04 01:45:50 . 2006-09-25 16:38:55 28944 ----a-w- C:\Program Files\mozilla firefox\plugins\pscript.dll
2005-04-04 01:45:52 . 2006-09-25 16:38:55 69904 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2005-04-04 01:45:52 . 2006-09-25 16:38:55 24848 ----a-w- C:\Program Files\mozilla firefox\plugins\tcppserv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 16:44:34 3883856]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 08:55:56 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-07-01 10:02:52 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-07-01 09:58:46 118784]
"SoundMan"="SOUNDMAN.EXE" [2004-04-28 15:19:50 66048]
"btbb_wcm_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2008-08-28 19:33:03 1516032]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-07-19 02:39:16 549376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 21:45:32 279912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-11-10 23:08:18 417792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-22 00:22:59 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Body Idol

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWFX5

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2008-09-11 06:55:40 1517056 ----a-w- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eggs bat eq pure]
2005-10-19 18:41:46 0 ----a-w- C:\Documents and Settings\All Users\Application Data\joy soap eggs bat\Rect Pure.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
2006-07-31 19:00:24 19857408 ----a-w- C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16:42 141608 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 17:52:10 462935 ----a-w- C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV_Update]
2003-03-13 10:37:35 32768 ----a-w- C:\NAV_Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-22 00:22:59 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45:08 313472 ----a-r- C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46:52 709992 ----a-w- C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6008:TCP"= 6008:TCP:epilwlb

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\N360\0308000.029\SymEFA.sys [20/03/2010 01:40:13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\N360\0308000.029\BHDrvx86.sys [20/03/2010 01:40:08 259632]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\N360\0308000.029\cchpx86.sys [20/03/2010 01:40:09 482432]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [19/03/2010 00:26:12 329592]
R1 RapportBuka;RapportBuka;C:\WINDOWS\system32\drivers\RapportBuka.sys [01/03/2010 00:09:42 390528]
R1 RapportKELL;RapportKELL;C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [17/02/2010 11:44:20 58984]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [17/02/2010 11:44:20 108904]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [23/06/2009 20:42:59 233472]
R2 N360;Norton 360;C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [20/03/2010 01:37:48 117640]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/02/2010 11:44:12 779496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/03/2010 06:04:56 102448]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [23/06/2009 20:42:59 36608]
S2 Ca536av;Take-it DV Series;C:\WINDOWS\system32\drivers\Ca536av.sys [16/05/2005 23:43:59 514859]
S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\John\LOCALS~1\Temp\cdiskdun.sys --> C:\DOCUME~1\John\LOCALS~1\Temp\cdiskdun.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hldwzr
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45:32 . 2007-05-17 21:45:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://www.microsoft.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maria\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} - hxxp://216.87.37.188/app/FXCtrl.cab
FF - ProfilePath - C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\27fz4048.default\
FF - prefs.js: browser.startup.homepage - uk.msn.com
FF - component: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npican.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{E770AFA1-5066-01E2-6129-51EBB2570CAA} - (no file)
HKLM-Run-Launch LGDCore - C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
HKU-Default-Run-Spyware Doctor - (no file)
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-MessengerPlus3 - C:\Program Files\Messenger Plus! 3\MsgPlus.exe
MSConfigStartUp-osCheck - C:\Program Files\Norton 360\osCheck.exe
AddRemove-Internet Explorer Security Plugin 2006 - C:\Program Files\QualityCodec\iesuninst.exe
AddRemove-Public Messenger ver 2.03 - C:\Program Files\QualityCodec\pmuninst.exe
AddRemove-QualityCodec - C:\Program Files\QualityCodec\uninst.exe
AddRemove-Sabrina - D:\setup.exe
AddRemove-ShockwaveFlash - C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
 
#14 ·
Hi,

Please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
File::
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\Documents and Settings\All Users\Application Data\joy soap eggs bat\Rect Pure.exe
C:\DOCUME~1\John\LOCALS~1\Temp\cdiskdun.sys

Registry::
[-HKLM\~\startupfolder\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk]
[-HKLM\~\startupfolder\C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWFX5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eggs bat eq pure]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6008:TCP"=

NetSvc::
hldwzr

Driver::
cdiskdun

DDS::
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 
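The entries the CFScript above removes (the random netsvcs name, the driver loading from Temp, the globally opened port, the rogue "Trusted Zone" domains) are the kind of thing a helper picks out of a ComboFix log by eye. As an added example that is not part of this thread or of ComboFix, here is a small Python triage script that walks a log in ComboFix's layout and flags those classes of entry, plus the disabled firewall and Security Center monitoring; the sample log is constructed from the format of the logs posted above.

```python
"""Triage a ComboFix-format log for the indicator classes seen in this thread.

Added example: not part of the forum thread and not ComboFix's own code.
SAMPLE_LOG is constructed from the layout of the logs posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the ComboFix log layout: REGEDIT4-style registry
# sections, service/driver lines (R0-R3 running, S0-S3 stopped), the
# Svchost NetSvcs block, and the Supplementary Scan "Trusted Zone" lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6008:TCP"= 6008:TCP:epilwlb

S3 cdiskdun;cdiskdun;\??\C:\DOCUME~1\John\LOCALS~1\Temp\cdiskdun.sys --> C:\DOCUME~1\John\LOCALS~1\Temp\cdiskdun.sys [?]
R2 N360;Norton 360;C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [20/03/2010 01:37:48 117640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hldwzr
.
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator class
    detail: str  # the log line or value that triggered it


# "R2 name;display name;path [date size]"  or  "S3 name;display;path [?]"
DRIVER_RE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;(?P<path>.+)$")
# "6008:TCP"= 6008:TCP:epilwlb   (inside GloballyOpenPorts\List)
PORT_RE = re.compile(r'^"\d+:(?:TCP|UDP)"\s*=')
FIREWALL_OFF_RE = re.compile(r'^"enablefirewall"\s*=\s*0\b')


def triage(log: str) -> list[Finding]:
    """Return findings in log order; a log with nothing suspicious yields []."""
    findings: list[Finding] = []
    section = ""        # current [registry key] header, lower-cased
    in_netsvcs = False  # inside the "Svchost - NetSvcs" block
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_netsvcs = False
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            in_netsvcs = False
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if in_netsvcs:
            # ComboFix lists only non-default netsvcs names here, so every
            # entry deserves a look (random-looking names especially).
            if line == ".":
                in_netsvcs = False
            else:
                findings.append(Finding("nondefault_netsvc", line))
            continue
        low = line.lower()
        if "security center\\monitoring" in section and low.startswith('"disablemonitoring"=dword:00000001'):
            # Security suites set this under their own product subkeys; the
            # bare Monitoring key being disabled is the one to question.
            findings.append(Finding("security_center_monitoring_disabled", section))
        elif section.endswith("firewallpolicy\\standardprofile") and FIREWALL_OFF_RE.match(low):
            findings.append(Finding("firewall_disabled", line))
        elif section.endswith("globallyopenports\\list") and PORT_RE.match(line):
            findings.append(Finding("globally_open_port", line))
        elif line.startswith("Trusted Zone:"):
            findings.append(Finding("trusted_zone", line.split(":", 1)[1].strip()))
        else:
            m = DRIVER_RE.match(line)
            if m:
                path = m.group("path")
                if "\\temp\\" in path.lower():
                    findings.append(Finding("driver_in_temp", line))
                if "[?]" in path:  # ComboFix marks a service whose file is missing
                    findings.append(Finding("driver_file_missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:36} {f.detail}")
```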
#15 ·
Ok I've tried that, but when it was running the scan it rebooted again and now I can't find any ComboFix.txt file. It came up with an error report saying that my system had recovered from a serious problem and asked me whether I want to send an error report. The CFScript.txt file has also disappeared from my desktop.
 
#18 ·
Hi,

Yes try it again,

make certain all your security programs are disabled and all other programs closed.

Give ComboFix lots of time to complete and allow it lots of time to create a log.
 
#19 ·
Hi CatByte,

I've followed all your instructions but I'm still having problems. I ran ComboFix with the CFScript.txt again but I got an "Error - Win32 only. Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP"...but mine is XP! Anyway, when I clicked OK the scan carried on regardless, but the computer restarted again at stage 50 I think, and when it reloaded there was no evidence of a ComboFix folder or txt file. I left it for a long time to maybe finish what it was doing but nothing happened. So I deleted ComboFix.exe and re-installed it and ran another scan (not using the CFScript.txt file). This one ran to completion and came up with the message "Preparing Log Report". Then it restarted. Once the system had reloaded I got another pop-up message saying "System has recovered from a serious error. A log of this error has been created", and it asked me if I wanted to send an error report to Microsoft. I've written down the error signature and the technical information (error report contents - this contains two files, of which I have written down the location).

There was no C:\ComboFix.txt file, but it was present in the C:\ComboFix folder. I have pasted the txt file below...but it looks quite similar to before!:


ComboFix 10-03-23.03 - John 23/03/2010 22:36:29.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.204 [GMT 0:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

Infected copy of C:\WINDOWS\system32\userinit.exe was found and disinfected
Restored copy from - C:\WINDOWS\ServicePackFiles\i386\userinit.exe

--------

.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 00:33:03 . 2010-03-23 01:29:08 -------- d-----w- C:\Documents and Settings\John\Local Settings\Application Data\Temp
2010-03-23 00:32:10 . 2010-03-23 00:32:11 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2010-03-23 00:29:34 . 2010-03-23 00:29:35 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2010-03-23 00:26:50 . 2010-03-23 00:26:50 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
2010-03-23 00:26:30 . 2010-03-23 00:26:45 -------- d-----w- C:\Documents and Settings\John\Application Data\skypePM
2010-03-23 00:24:39 . 2010-03-23 00:24:39 -------- d-----w- C:\Program Files\Common Files\Skype
2010-03-23 00:24:34 . 2010-03-23 00:24:40 -------- d-----r- C:\Program Files\Skype
2010-03-21 01:44:38 . 2010-03-21 01:44:38 -------- d-----w- C:\Documents and Settings\John\Local Settings\Application Data\PCHealth
2010-03-20 13:29:06 . 2009-11-21 15:51:04 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll
2010-03-20 13:26:20 . 2009-10-15 16:28:26 81920 -c----w- C:\WINDOWS\system32\dllcache\fontsub.dll
2010-03-20 13:26:19 . 2009-10-15 16:28:26 119808 -c----w- C:\WINDOWS\system32\dllcache\t2embed.dll
2010-03-20 13:25:50 . 2009-06-21 21:44:50 153088 -c----w- C:\WINDOWS\system32\dllcache\triedit.dll
2010-03-20 13:25:38 . 2009-10-23 15:28:37 3558912 -c----w- C:\WINDOWS\system32\dllcache\moviemk.exe
2010-03-20 13:21:59 . 2009-07-10 13:27:49 1315328 -c----w- C:\WINDOWS\system32\dllcache\msoe.dll
2010-03-17 08:00:48 . 2010-03-17 08:00:48 -------- d-----w- C:\_OTL
2010-03-14 22:08:05 . 2010-03-14 22:07:47 36400 ----a-r- C:\WINDOWS\system32\drivers\SymIM.sys
2010-03-14 22:08:00 . 2010-03-14 22:08:01 -------- d-----w- C:\Program Files\Symantec
2010-03-14 22:08:00 . 2010-03-14 22:08:00 60808 ----a-w- C:\WINDOWS\system32\S32EVNT1.DLL
2010-03-14 22:08:00 . 2010-03-14 22:08:00 124976 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2010-03-14 22:05:50 . 2010-03-20 11:07:44 -------- d-----w- C:\WINDOWS\system32\drivers\N360
2010-03-14 22:05:44 . 2010-03-14 22:06:59 -------- d-----w- C:\Program Files\Norton 360
2010-03-14 21:53:28 . 2010-03-14 21:53:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PCSettings
2010-03-14 21:53:23 . 2010-03-14 21:53:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2010-03-14 21:51:45 . 2010-03-14 22:05:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-03-14 21:51:45 . 2010-03-14 21:51:45 -------- d-----w- C:\Program Files\NortonInstaller
2010-03-01 00:09:42 . 2010-03-01 00:09:42 390528 ----a-w- C:\WINDOWS\system32\drivers\RapportBuka.sys
2010-02-24 23:07:02 . 2010-03-23 22:06:08 -------- d-----w- C:\Documents and Settings\John\Tracing
2010-02-22 23:02:12 . 2010-02-22 23:02:12 -------- d-----w- C:\Program Files\Microsoft
2010-02-22 23:01:24 . 2010-02-22 23:01:24 -------- d-----w- C:\Program Files\Windows Live SkyDrive
2010-02-22 01:53:10 . 2010-02-22 01:53:10 -------- d-----w- C:\Documents and Settings\John\Application Data\SkypeCap
2010-02-22 01:46:42 . 2010-02-22 01:46:42 -------- d-----w- C:\Program Files\Common Files\GeoVid
2010-02-22 01:46:41 . 2010-02-22 01:46:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\GeoVid
2010-02-22 01:46:41 . 2007-06-28 19:54:10 180224 ----a-w- C:\WINDOWS\system32\xvidvfw.dll
2010-02-22 01:46:41 . 2007-06-28 19:52:18 765952 ----a-w- C:\WINDOWS\system32\xvidcore.dll
2010-02-22 01:46:40 . 2004-08-18 16:00:00 1712128 ----a-w- C:\WINDOWS\system32\gdiplus.dll
2010-02-22 01:46:39 . 2005-06-07 16:11:02 60416 ----a-w- C:\WINDOWS\system32\dsetup.dll
2010-02-22 01:46:37 . 2010-02-22 01:46:37 -------- d-----w- C:\Program Files\SkypeCap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 03:25:21 . 2007-07-01 18:40:34 -------- d-----w- C:\Documents and Settings\John\Application Data\Skype
2010-03-23 00:26:18 . 2005-12-27 22:42:16 -------- d-----w- C:\Program Files\Google
2010-03-23 00:24:34 . 2007-07-01 18:37:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Skype
2010-03-19 00:20:30 . 2008-10-19 17:54:03 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2010-03-14 22:27:06 . 2008-10-19 17:51:40 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-03-14 22:08:00 . 2010-03-14 22:08:00 806 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.INF
2010-03-14 22:08:00 . 2010-03-14 22:08:00 7456 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2010-03-14 22:07:46 . 2008-01-29 11:01:28 26600 ----a-r- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-03-14 22:07:28 . 2008-01-29 11:02:30 107368 ----a-r- C:\WINDOWS\system32\GEARAspi.dll
2010-03-14 22:00:48 . 2008-10-15 21:16:15 -------- d-----w- C:\Documents and Settings\John\Application Data\Symantec
2010-03-11 11:51:55 . 2004-11-08 20:54:56 36384 ----a-w- C:\Documents and Settings\Bernie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-08 22:23:27 . 2009-07-21 23:36:22 -------- d-----w- C:\Documents and Settings\John\Application Data\Spotify
2010-02-25 22:40:20 . 2004-12-31 01:20:33 -------- d-----w- C:\Program Files\Messenger Plus! 3
2010-02-25 00:50:47 . 2004-11-23 12:06:35 -------- d-----w- C:\Program Files\EA SPORTS
2010-02-25 00:50:39 . 2004-10-01 08:24:54 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-25 00:45:12 . 2006-04-14 17:24:28 -------- d-----w- C:\Program Files\LimeWire
2010-02-22 23:47:45 . 2004-10-26 22:42:51 36384 ----a-w- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-22 23:00:40 . 2007-06-10 22:40:22 -------- d-----w- C:\Program Files\Windows Live
2010-02-15 22:35:21 . 2004-12-25 20:20:16 -------- d-----w- C:\Documents and Settings\John\Application Data\Apple Computer
2010-02-15 20:55:18 . 2007-12-02 19:14:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2010-02-15 20:36:04 . 2010-02-15 20:33:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-15 20:36:04 . 2007-12-30 17:34:29 -------- d-----w- C:\Program Files\iTunes
2010-02-15 20:34:29 . 2010-02-15 20:34:28 -------- d-----w- C:\Program Files\iPod
2010-02-15 20:34:22 . 2009-01-07 19:53:56 -------- d-----w- C:\Program Files\Common Files\Apple
2010-02-15 20:29:41 . 2010-02-15 20:28:21 -------- d-----w- C:\Program Files\QuickTime
2010-02-15 20:08:35 . 2010-02-15 20:08:20 -------- d-----w- C:\Program Files\Safari
2010-02-15 20:04:29 . 2010-02-15 20:04:29 -------- d-----w- C:\Program Files\Bonjour
2010-02-10 22:13:06 . 2010-02-10 22:13:05 -------- d-----w- C:\Program Files\Common Files\Windows Live
2010-02-09 10:19:34 . 2007-11-03 23:29:03 -------- d-----w- C:\Documents and Settings\John\Application Data\MSN6
2010-01-05 10:00:29 . 2004-02-06 18:05:06 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-01-05 10:00:21 . 2004-08-04 07:56:42 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2010-01-05 10:00:20 . 2004-10-01 06:51:52 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-12-31 16:50:03 . 2004-10-01 06:52:26 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2008-06-30 12:44:08 . 2008-10-19 20:05:44 324976 ----a-w- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
2005-04-04 01:45:48 . 2006-09-25 16:38:55 24848 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2005-04-04 01:45:48 . 2006-09-25 16:38:55 74000 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcore.dll
2005-04-04 01:45:50 . 2006-09-25 16:38:55 45328 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2005-04-04 01:45:50 . 2006-09-25 16:38:55 28944 ----a-w- C:\Program Files\mozilla firefox\plugins\pscript.dll
2005-04-04 01:45:52 . 2006-09-25 16:38:55 69904 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2005-04-04 01:45:52 . 2006-09-25 16:38:55 24848 ----a-w- C:\Program Files\mozilla firefox\plugins\tcppserv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 16:44:34 3883856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-23 00:25:51 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-07-01 10:02:52 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-07-01 09:58:46 118784]
"SoundMan"="SOUNDMAN.EXE" [2004-04-28 15:19:50 66048]
"btbb_wcm_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2008-08-28 19:33:03 1516032]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-07-19 02:39:16 549376]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [BU]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-22 00:22:59 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 00:12:16 15360]
"Spyware Doctor"="" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Body Idol

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2008-09-11 06:55:40 1517056 ----a-w- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
2006-07-31 19:00:24 19857408 ----a-w- C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16:42 141608 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\Messenger Plus! 3\MsgPlus.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 17:52:10 462935 ----a-w- C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV_Update]
2003-03-13 10:37:35 32768 ----a-w- C:\NAV_Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton 360\osCheck.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-22 00:22:59 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45:08 313472 ----a-r- C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2007-04-10 21:46:52 709992 ----a-w- C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6008:TCP"= 6008:TCP:epilwlb

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\N360\0308000.029\SymEFA.sys [20/03/2010 01:40:13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\N360\0308000.029\BHDrvx86.sys [20/03/2010 01:40:08 259632]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\N360\0308000.029\cchpx86.sys [20/03/2010 01:40:09 482432]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [19/03/2010 00:26:12 329592]
R1 RapportBuka;RapportBuka;C:\WINDOWS\system32\drivers\RapportBuka.sys [01/03/2010 00:09:42 390528]
R1 RapportKELL;RapportKELL;C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 13:47:30 58984]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 13:47:30 116328]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [23/06/2009 20:42:59 233472]
R2 N360;Norton 360;C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [20/03/2010 01:37:48 117640]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 13:47:22 779496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/03/2010 23:14:02 102448]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [23/06/2009 20:42:59 36608]
S2 Ca536av;Take-it DV Series;C:\WINDOWS\system32\drivers\Ca536av.sys [16/05/2005 23:43:59 514859]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [23/03/2010 00:26:43 135664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hldwzr
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-23 00:26:43 . 2010-03-23 00:26:00]

2010-03-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-23 00:26:43 . 2010-03-23 00:26:00]

2008-12-13 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45:32 . 2007-05-17 21:45:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freeserve.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Connection Wizard,ShellNext = hxxp://www.microsoft.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maria\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} - hxxp://216.87.37.188/app/FXCtrl.cab
FF - ProfilePath - C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\27fz4048.default\
FF - prefs.js: browser.startup.homepage - uk.msn.com
FF - component: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npican.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{E770AFA1-5066-01E2-6129-51EBB2570CAA} - (no file)



Also, my system seems to be running much better now, but it can be extremely slow at times. I have downloaded the latest Norton and run a full virus/spyware/malware scan, and I think it dealt with 4 files. Do you think the virus is gone now? I'm not so sure because, like I said, at times the computer can run really slow.

Thanks.
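Several lines of the log above are the ones a responder would pull out by hand before calling the machine clean: Windows Firewall is off for the standard profile, Security Center monitoring is disabled at the root Monitoring key, a globally opened port (6008/TCP) and a Svchost NetSvcs addition both carry random-looking names, an ActiveX control (DPF) was fetched from a raw IP address, and a BHO is registered with no file behind it. The Python script below is an added example, not part of this thread and not a ComboFix, Norton or Malwarebytes tool; it runs exactly those checks over an excerpt copied from the log above. The "random-looking name" test is an assumption of mine, a weak heuristic meant only to order the review queue, and the per-product DisableMonitoring sub-keys are deliberately left alone because the installed suite normally writes those itself.

```python
"""Triage checks over a ComboFix-style log excerpt.

Added example; not part of the forum thread, and not a ComboFix, Norton or
Malwarebytes tool.  It pulls out the entries in the posted log that a
responder would want explained before calling the machine clean.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the log posted above (not constructed).  The Monitoring
# sub-key for SymantecAntiVirus is included to show that it is NOT flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6008:TCP"= 6008:TCP:epilwlb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hldwzr
.
DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} - hxxp://216.87.37.188/app/FXCtrl.cab
BHO-{E770AFA1-5066-01E2-6129-51EBB2570CAA} - (no file)
"""

DWORD_DISABLE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:([0-9a-f]+)$', re.I)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.I)
PORT_ENTRY = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(\S+)', re.I)
# ComboFix defangs URLs as hxxp://; a control served from a bare IP literal
# rather than a vendor host name is worth a look regardless of its CLSID.
RAW_IP_URL = re.compile(r"hxxps?://(?:\d{1,3}\.){3}\d{1,3}/", re.I)


@dataclass
class Finding:
    rule: str
    line: str


def looks_random(name: str) -> bool:
    """Weak hint that a token was machine-generated: 5-8 letters with no vowel
    at all, or a run of four or more consonants.  Assumption: this only orders
    the review queue; short Microsoft names such as wscsvc trip it as well."""
    n = name.lower()
    if not n.isalpha() or not 5 <= len(n) <= 8:
        return False
    if not any(c in "aeiouy" for c in n):
        return True
    return re.search(r"[^aeiouy]{4,}", n) is not None


def _tag(name: str) -> str:
    return " (random-looking name)" if looks_random(name) else ""


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, remembering the [key] each value line belongs to."""
    findings: List[Finding] = []
    section = ""
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_netsvcs = False
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            in_netsvcs = False
            continue
        if line.lower().endswith("svchost - netsvcs"):
            in_netsvcs = True  # names follow, one per line, until a lone "."
            continue
        if in_netsvcs:
            if line == ".":
                in_netsvcs = False
            else:
                findings.append(Finding("netsvcs addition" + _tag(line), line))
            continue
        m = DWORD_DISABLE.match(line)
        # Only the root Monitoring key is flagged: the per-product sub-keys
        # (SymantecAntiVirus, SymantecFirewall) are normally written by the
        # installed suite itself and are not evidence of tampering.
        if m and int(m.group(1), 16) == 1 and section.endswith("security center\\monitoring"):
            findings.append(Finding("security center monitoring disabled (root key)", line))
        elif FIREWALL_OFF.match(line) and section.endswith("\\standardprofile"):
            findings.append(Finding("windows firewall disabled (standard profile)", line))
        elif section.endswith("globallyopenports\\list") and PORT_ENTRY.match(line):
            port, proto, name = PORT_ENTRY.match(line).groups()
            findings.append(Finding(f"globally open port {port}/{proto.upper()}" + _tag(name), line))
        elif line.startswith("DPF:") and RAW_IP_URL.search(line):
            findings.append(Finding("activex control fetched from a raw ip address", line))
        elif line.startswith("BHO-") and "(no file)" in line:
            findings.append(Finding("orphaned bho registration", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run as-is it prints six findings for the excerpt; pass the full report text to `triage()` to cover the rest of the log. None of these rules is a verdict by itself: the firewall and Security Center values can be switched back by hand, but the NetSvcs name and the open-port name are the entries to ask the helper about, since neither appears anywhere else in the log shown.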
 
#20 ·
Hi,

Do you remember what files Norton located?

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


In your next reply please include
  • MBAM Log
  • Kaspersky report
 