Jump to content

xp defender pro


Recommended Posts

Hi all. I am writing on behalf of my dad. His computer is infected with xp defender pro. I saw some other posts with the same problem and so I downloaded and ran the two programs mentioned. OTL and Gmer. Following are the text files from the two scans in this order. Otl.txt; extras.txt; ark.txt. Thanks in advance to anyone who takes this on.

OTL logfile created on: 3/17/2010 8:09:27 PM - Run 2

OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.15 Gb Total Space | 84.80 Gb Free Space | 59.65% Space Free | Partition Type: NTFS

Drive D: | 6.89 Gb Total Space | 4.22 Gb Free Space | 61.25% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 149.05 Gb Total Space | 143.69 Gb Free Space | 96.40% Space Free | Partition Type: NTFS

Drive H: | 973.17 Mb Total Space | 965.47 Mb Free Space | 99.21% Space Free | Partition Type: FAT

I: Drive not present or media not loaded

Computer Name: YOUR-C30BE43EA5

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe ()

PRC - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)

PRC - C:\Program Files\Maxtor\Sync\MaxSync.exe (Seagate Technology LLC)

PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)

PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

PRC - C:\WINDOWS\ModPS2Key.exe (Chicony)

PRC - C:\WINDOWS\zHotkey.exe ()

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()

PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll (Symantec Corporation)

MOD - C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll (BackWeb)

========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)

SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVENG.SYS (Symantec Corporation)

DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)

DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)

DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)

DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)

DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)

DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)

DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (el575nd5) -- C:\WINDOWS\system32\drivers\el575ND5.sys (3Com Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3650

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 72 10 D3 60 4B CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/28 13:03:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 22:05:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/17 20:03:03 | 000,000,000 | ---D | M]

[2008/12/20 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions

[2008/12/20 14:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\BAE.dll (Gateway Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [ModPS2] C:\WINDOWS\ModPS2Key.exe (Chicony)

O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [showWnd] C:\WINDOWS\ShowWnd.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Power2GoExpress] File not found

O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.176.95.182 72.22.30.25

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2006/05/11 17:13:39 | 000,000,279 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - G:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{511b07db-07f3-11dd-b8e3-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 14:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/04/18 17:33:36 | 000,950,272 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe" /START "%1" %* ()

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/06 20:37:54 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 19:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3

[2010/03/17 19:35:52 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/03/17 19:20:02 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/03/10 13:01:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2009/01/03 15:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2006/05/06 20:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2006/05/06 20:38:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2006/05/06 20:38:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2005/12/15 12:03:40 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/17 20:05:16 | 000,000,148 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\.~lock.Help dad.doc#

[2010/03/17 20:03:16 | 001,424,384 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010/03/17 20:03:15 | 001,089,536 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2010/03/17 20:03:06 | 000,019,080 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QJyrk5wvCU1

[2010/03/17 20:03:06 | 000,019,080 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QJyrk5wvCU1

[2010/03/17 20:02:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/03/17 20:02:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/17 20:02:41 | 1064,882,176 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/17 20:02:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/17 20:01:32 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT

[2010/03/17 20:01:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2010/03/17 19:55:03 | 000,015,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Help dad.docm

[2010/03/17 19:35:18 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2010/03/17 19:27:40 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Help dad.doc

[2010/03/17 19:22:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1oz0imt7.exe

[2010/03/17 19:19:28 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/03/17 17:14:05 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job

[2010/03/16 14:50:32 | 000,200,704 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe

[2010/03/15 20:00:01 | 000,000,622 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job

[2010/03/14 08:13:51 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/14 08:13:51 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/14 08:13:51 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/02/24 21:50:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/02/17 19:59:16 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 20:05:16 | 000,000,148 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\.~lock.Help dad.doc#

[2010/03/17 19:55:02 | 000,015,400 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Help dad.docm

[2010/03/17 19:29:13 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Help dad.doc

[2010/03/17 19:22:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1oz0imt7.exe

[2010/03/16 14:50:38 | 000,019,080 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QJyrk5wvCU1

[2010/03/16 14:50:38 | 000,019,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QJyrk5wvCU1

[2010/03/16 14:50:32 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe

[2009/03/12 10:03:06 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Smiley.ico

[2009/02/08 17:37:32 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/02 14:02:27 | 000,003,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

[2008/10/15 17:12:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

[2008/10/15 17:10:19 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI

[2008/10/15 16:47:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2008/10/15 16:44:22 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008/04/11 13:25:05 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll

[2008/04/11 13:25:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll

[2008/04/11 13:24:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2008/01/08 09:38:29 | 000,019,286 | ---- | C] () -- C:\Program Files\Common Files\InternetAntivirusPro.exe

[2008/01/08 09:38:29 | 000,019,286 | ---- | C] () -- C:\Program Files\Common Files\file.exe

[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2006/07/01 02:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/06 20:24:27 | 000,001,456 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/06 20:24:27 | 000,000,483 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2009/02/27 11:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\01C5

[2009/02/25 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\01D4

[2009/03/20 10:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14119

[2009/04/01 13:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14167

[2009/04/14 16:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1429F

[2008/12/30 12:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\16EA

[2009/03/02 21:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\17AB

[2009/05/17 16:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1834B

[2009/03/13 10:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1C31C

[2008/12/31 00:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1C37A

[2009/03/24 11:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D3A9

[2009/03/22 12:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E2EE

[2009/03/01 11:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\223C8

[2009/02/28 11:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23EA

[2009/03/11 17:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\253D8

[2009/04/23 10:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26242

[2009/02/23 12:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26251

[2009/03/05 18:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26CB

[2009/03/18 08:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2D138

[2009/01/02 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2E1A5

[2009/05/18 10:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2F4E

[2009/02/17 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\323A9

[2009/04/06 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\332EE

[2009/03/10 10:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\341A5

[2009/02/26 15:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\36BB

[2009/03/16 09:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\38EA

[2009/03/15 11:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3A0

[2008/12/26 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\41FD

[2009/09/24 18:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\52AF

[2009/04/12 17:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E4E

[2009/03/12 10:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F2BF

[2008/10/15 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor

[2009/06/14 11:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2008/04/11 13:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2008/12/06 18:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\alot

[2009/01/05 18:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon

[2008/10/15 17:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com

[2009/07/28 13:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2008/04/11 13:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2008/12/02 14:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

[2008/12/31 14:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer

[2008/12/20 14:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

[2010/03/17 17:14:05 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 3/17/2010 7:58:39 PM - Run 1

OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.15 Gb Total Space | 84.79 Gb Free Space | 59.65% Space Free | Partition Type: NTFS

Drive D: | 6.89 Gb Total Space | 4.22 Gb Free Space | 61.25% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 149.05 Gb Total Space | 143.69 Gb Free Space | 96.40% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-C30BE43EA5

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant

"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect

"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone

"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg

"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb

"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem

"alotToolbar" = ALOT Toolbar

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3

"Ask Toolbar_is1" = Ask Toolbar

"BearShare MediaBar" = MediaBar 2.0

"EsetOnlineScanner" = ESET Online Scanner

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Document Viewer" = HP Document Viewer 6.1

"HP Imaging Device Functions" = HP Imaging Device Functions 6.1

"HP Photo & Imaging" = HP Photosmart Premier Software 6.1

"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager

"InterAntiVPro_is1" = Internet Antivirus (1.1.2.0)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NIS" = Norton Internet Security

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QuickTime" = QuickTime

"WGA" = Windows Genuine Advantage Validation Tool

"WildTangent emachines Master Uninstall" = eMachines Games

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/16/2009 4:26:29 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 11/16/2009 4:26:34 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 11/16/2009 4:27:58 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 11/24/2009 12:45:00 AM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 6:11:51 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 2:30:48 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/26/2010 7:35:42 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2010 8:48:10 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2010 8:48:14 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/10/2010 4:08:55 PM | Computer Name = YOUR-C30BE43EA5 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

< End of report >

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-17 20:41:50

Windows 5.1.2600 Service Pack 3

Running: 1oz0imt7.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agxiyaow.sys

---- System - GMER 1.0.15 ----

SSDT 86D91528 ZwAlertResumeThread

SSDT 86D91608 ZwAlertThread

SSDT 86D13628 ZwAllocateVirtualMemory

SSDT 86B5CE38 ZwAssignProcessToJobObject

SSDT 86F885E8 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA1B1130]

SSDT 86C08BB8 ZwCreateMutant

SSDT 86C6DFC0 ZwCreateSymbolicLinkObject

SSDT 86A87F68 ZwCreateThread

SSDT 86BD3B10 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA1B13B0]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA1B1910]

SSDT 86BE3628 ZwDuplicateObject

SSDT 86D477A8 ZwFreeVirtualMemory

SSDT 86C197C8 ZwImpersonateAnonymousToken

SSDT 86C198A8 ZwImpersonateThread

SSDT 86DF1798 ZwLoadDriver

SSDT 86D476A8 ZwMapViewOfSection

SSDT 86C08AF8 ZwOpenEvent

SSDT 86D97DA0 ZwOpenProcess

SSDT 86BE3548 ZwOpenProcessToken

SSDT 86BD3EF0 ZwOpenSection

SSDT 86D97CD0 ZwOpenThread

SSDT 86B5CD48 ZwProtectVirtualMemory

SSDT 87046C70 ZwResumeThread

SSDT 86DCEEC0 ZwSetContextThread

SSDT 86DDCC48 ZwSetInformationProcess

SSDT 86BD3BF0 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA1B1B60]

SSDT 86BD3FD0 ZwSuspendProcess

SSDT 86DCED20 ZwSuspendThread

SSDT 86C8C370 ZwTerminateProcess

SSDT 86DCEE00 ZwTerminateThread

SSDT 86DDCD38 ZwUnmapViewOfSection

SSDT 86D13558 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 80501C20 4 Bytes CALL B8D714AA

? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Dad was needing his computer so I found a thread similar to mine from Pyromaniac. I followed the advice given. I ran combofix and malwarebytes. The logs follow.

ComboFix 10-03-18.01 - Owner 03/18/2010 17:46:03.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.457 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\alot

c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\Owner\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\Owner\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml

c:\documents and settings\Owner\Application Data\alot\Button_8\Button_8.xml.backup

c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml

c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml

c:\documents and settings\Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup

c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\Owner\Application Data\alot\products\products.xml

c:\documents and settings\Owner\Application Data\alot\products\products.xml.backup

c:\documents and settings\Owner\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_1033_alot_music_search.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_1033_alot_music_search.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1310_alot_mus_lyrics.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1310_alot_mus_lyrics.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\clear.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\cloudy.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_1007_alot_weather_widget.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_1007_alot_weather_widget.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\mcloud.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\nclear.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\nmcloud.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\pcloud.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1029_alot_rss.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1029_alot_rss.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1100_alot_mus_freemusic.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1100_alot_mus_freemusic.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1100_alot_mus_mymusic.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_1046_alot_mrkt_180.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_1046_alot_mrkt_180.png

c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_1530_alot_mrkt_simplyhired.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_1530_alot_mrkt_simplyhired.png

c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\Owner\Application Data\alot\toolbar.xml

c:\documents and settings\Owner\Application Data\alot\toolbar.xml.backup

c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup

c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml

c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml.backup

c:\documents and settings\Owner\Local Settings\Application Data\ave.exe

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\2ybPj05dt.jpg

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\3aN1Sc00l.jpg

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\7nxB3.jpg

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\S5g886S8e.jpg

c:\program files\alot

c:\program files\alot\alotUninst.exe

c:\program files\alot\bin\alot.dll

c:\program files\Common Files\file.exe

c:\program files\Common Files\InternetAntivirusPro.exe

c:\recycler\S-1-5-21-2834401550-404900973-3593331270-1003

c:\recycler\S-1-5-21-3606347674-2446015613-2949392036-1003

D:\Autorun.inf

G:\autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))

.

2010-03-18 22:39 . 2010-03-18 22:40 -------- d-----w- C:\32788R22FWJFW

2010-03-18 22:37 . 2010-02-12 23:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

2010-03-18 00:54 . 2006-04-06 00:38 110592 ----a-w- c:\documents and settings\Owner\Application Data\U3\temp\cleanup.exe

2010-03-18 00:52 . 2010-03-18 00:54 -------- d-----w- c:\documents and settings\Owner\Application Data\U3

2010-03-16 14:49 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVENG.SYS

2010-03-16 14:49 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVEX15.SYS

2010-03-16 14:49 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\CCERASER.DLL

2010-03-16 14:49 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\ECMSVR32.DLL

2010-03-16 14:49 . 2009-08-26 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\EECTRL.SYS

2010-03-16 14:49 . 2009-08-26 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\ERASER.SYS

2010-03-16 14:49 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVENG32.DLL

2010-03-16 14:49 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVEX32A.DLL

2010-03-14 23:23 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys

2010-03-14 23:23 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll

2010-03-14 23:23 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys

2010-03-14 23:23 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll

2010-03-14 23:23 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys

2010-03-11 01:10 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSvix86.sys

2010-03-11 01:10 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys

2010-03-11 01:10 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\Scxpx86.dll

2010-03-11 01:10 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSxpx86.dll

2010-03-11 01:10 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSviA64.sys

2010-03-10 18:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-18 01:42 . 2009-07-28 18:08 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-11 14:51 . 2009-12-05 23:23 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-31 16:50 . 2006-05-07 01:24 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:14 . 2006-05-07 01:24 916480 ----a-w- c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-05 23:20 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-05 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-05 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-16 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-16 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-16 94208]

"CHotkey"="zHotkey.exe" [2006-11-07 547840]

"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]

"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]

"RTHDCPL"="RTHDCPL.EXE" [2008-03-16 16132608]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-23 77824]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-28 148888]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [1/27/2010 6:20 PM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [1/27/2010 6:20 PM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [1/27/2010 6:20 PM 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [3/14/2010 6:23 PM 329592]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [1/27/2010 6:20 PM 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 6:39 PM 102448]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]

.

Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{03EDDF16-8C2A-4A4B-9E37-2F853836AEB4}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

AddRemove-InterAntiVPro_is1 - c:\program files\Internet Antivirus Pro\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-18 18:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

Completion time: 2010-03-18 18:09:47

ComboFix-quarantined-files.txt 2010-03-18 23:09

Pre-Run: 93,371,400,192 bytes free

Post-Run: 96,078,708,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 89513E26962C84D03E877F9682F0A4A0

Malwarebytes' Anti-Malware 1.44

Database version: 3884

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/18/2010 6:53:14 PM

mbam-log-2010-03-18 (18-52-20).txt

Scan type: Quick Scan

Objects scanned: 115060

Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk (Rogue.InternetAntiVirus) -> No action taken.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log. Make sure Word Wrap is turned OFF in Notepad.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

Let me know how things are running now.

-screen317

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.