
I have been having Firefox redirect problems for several days. I ran Norton Antivirus, Malwarebytes, Spybot, and Spywareblaster and discovered minor problems (tracking cookies, etc.). I then ran MSSE and discovered I have win32/Alureon.h. Ran Hitman Pro 3.5, which quarantined the virus. I was prompted to insert the Windows XP disc to replace the infected file, which I did. Rebooted and it appears nothing has worked - still getting Firefox redirects.

My computer is a Dell Vostro 2510 running MS XP Pro, version 5.1.2600 SP3.

Would appreciate any help. Thanks.

Truprecht


Ran defogger and received the following defogger_disable message.

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 18:30 on 13/05/2010 (Thomas Ruprecht)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-


DDS (Ver_10-03-17.01) - NTFSx86

Run by Thomas Ruprecht at 18:38:54.00 on Thu 05/13/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1810 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\SvcTools\8.0.81.5\bin\lnchr.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\OEM13Mon.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\DellTPad\HidFind.exe

C:\SvcTools\8.0.81.5\bin\lnchr.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Thomas Ruprecht\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=c:\windows\system32\Userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.6.0.32\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [sMA8.0.81.5] c:\svctools\8.0.81.5\bin\lnchr.exe --context=user --control-dir=c:\svctools\8.0.81.5\ctrl-user

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [Alcmtr] ALCMTR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Event Reminder.lnk.disabled

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: En&queue current page with BID - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm

IE: Enqueue link tar&get with BID - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Open &link target with BID - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm

IE: Open current page with BI&D - file://c:\program files\bulk image downloader\iemenu\iebid.htm

IE: Open current page with BID Link Explorer - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab

DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://coverall.webex.com/client/T27L/support/ieatgpc.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Authentication Packages = msv1_0 nwprovau

LSA: Notification Packages = scecli psqlpwd

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thomas~1\applic~1\mozilla\firefox\profiles\bhvs08a5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\thomas ruprecht\application data\mozilla\firefox\profiles\bhvs08a5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\thomas ruprecht\application data\mozilla\firefox\profiles\bhvs08a5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - plugin: c:\documents and settings\thomas ruprecht\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\thomas ruprecht\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-13 218592]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1106000.020\symds.sys [2010-5-10 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1106000.020\symefa.sys [2010-5-10 172592]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1106000.020\cchpx86.sys [2010-5-10 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1106000.020\ironx86.sys [2010-5-10 116784]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-13 112592]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe [2010-5-10 126392]

R2 SMA8.0.81.5;Software Management Agent 8.0.81.5;c:\svctools\8.0.81.5\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\8.0.81.5\ctrl --> c:\svctools\8.0.81.5\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\8.0.81.5\ctrl [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-10 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100505.001\IDSXpx86.sys [2010-5-10 329592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100513.002\NAVENG.SYS [2010-5-13 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100513.002\NAVEX15.SYS [2010-5-13 1347504]

R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-4-6 7424]

R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-4-6 235840]

S2 gupdate1c9bc78fc9fa2ac;Google Update Service (gupdate1c9bc78fc9fa2ac);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-4-26 51288]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-4-26 43608]

S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-4-6 141376]

S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2009-8-27 182528]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-13 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-13 1142224]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-7-14 85504]

=============== Created Last 30 ================

2010-05-13 22:30:46 0 ----a-w- c:\documents and settings\thomas ruprecht\defogger_reenable

2010-05-13 20:14:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-05-13 20:14:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-05-13 20:14:30 0 d-----w- c:\program files\Hitman Pro 3.5

2010-05-13 19:42:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-13 19:42:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-13 19:42:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-13 19:30:46 882 ----a-w- c:\windows\RegSDImport.xml

2010-05-13 19:30:46 879 ----a-w- c:\windows\RegISSImport.xml

2010-05-13 19:30:46 767952 ----a-w- c:\windows\BDTSupport.dll

2010-05-13 19:30:46 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-05-13 19:30:46 131 ----a-w- c:\windows\IDB.zip

2010-05-13 19:30:45 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-05-13 19:30:45 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-05-13 19:30:45 1152444 ----a-w- c:\windows\UDB.zip

2010-05-13 19:30:31 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2010-05-13 19:30:31 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-05-13 19:29:59 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-05-13 19:29:59 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2010-05-13 19:29:59 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2010-05-13 19:29:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-05-13 19:29:42 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2010-05-13 19:29:42 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-05-13 19:29:32 0 d-----w- c:\program files\common files\PC Tools

2010-05-13 19:29:32 0 d-----w- c:\docume~1\thomas~1\applic~1\PC Tools

2010-05-13 19:29:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-05-13 15:19:08 0 d-----w- c:\program files\MozBackup

2010-05-13 14:57:03 0 d-----w- c:\windows\system32\NtmsData

2010-05-13 06:03:13 0 d-----w- c:\docume~1\thomas~1\applic~1\Tific

2010-05-13 04:18:41 8832 ----a-w- c:\windows\system32\drivers\ocapyapz.sys

2010-05-12 18:25:46 0 d-----w- c:\windows\system32\MpEngineStore

2010-05-12 17:47:13 174 ----a-w- c:\windows\system32\MRT.INI

2010-05-10 21:41:39 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-05-10 13:46:16 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-05-10 13:46:16 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-05-10 13:46:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-05-10 13:46:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-05-10 13:46:15 0 d-----w- c:\program files\Symantec

2010-05-10 13:46:15 0 d-----w- c:\program files\common files\Symantec Shared

2010-05-10 13:45:44 0 d-----w- c:\windows\system32\drivers\NIS

2010-05-10 13:45:41 0 d-----w- c:\program files\Norton Internet Security

2010-05-10 13:44:58 0 d-----w- c:\program files\NortonInstaller

2010-05-10 13:27:25 0 d-----w- c:\windows\LMI2B.tmp

2010-05-09 04:30:34 0 d-----w- c:\docume~1\thomas~1\applic~1\Malwarebytes

2010-05-09 04:30:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-01 23:45:19 0 d-----w- c:\program files\iPod

2010-05-01 23:45:00 0 d-----w- c:\program files\iTunes

2010-05-01 23:45:00 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-05-01 23:28:26 0 d-----w- c:\program files\Bonjour

2010-04-26 22:10:12 0 d-----w- c:\windows\system32\SDA

2010-04-26 22:10:12 0 d-----w- c:\program files\O2Micro Flash Memory Card Driver

2010-04-26 20:41:52 0 d-----w- c:\program files\SpywareBlaster

2010-04-26 18:44:46 0 d-sh--w- c:\documents and settings\thomas ruprecht\PrivacIE

2010-04-26 18:36:31 0 d-sh--w- c:\documents and settings\thomas ruprecht\IETldCache

2010-04-26 18:17:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-04-26 18:17:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-04-26 18:17:07 0 d-----w- c:\windows\ie8updates

2010-04-26 18:16:30 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-04-26 18:15:20 0 dc-h--w- c:\windows\ie8

2010-04-26 15:52:32 739160 ----a-w- c:\windows\system32\O2Icon.dll

2010-04-26 15:52:32 43608 ----a-w- c:\windows\system32\drivers\o2sd.sys

2010-04-26 15:52:29 935768 ----a-w- c:\windows\system32\O2Icon_2.dll

2010-04-26 15:52:29 71512 ----a-w- c:\windows\system32\drivers\o2flash.exe

2010-04-26 15:52:29 51288 ----a-w- c:\windows\system32\drivers\o2media.sys

2010-04-19 03:28:08 0 d-----w- c:\windows\SQL9_KB970892_ENU

2010-04-19 02:53:33 0 d-----w- c:\docume~1\thomas~1\applic~1\Office Genuine Advantage

2010-04-14 15:10:18 3250 ----a-w- c:\windows\system32\wbem\Outlook_01cadbe4984ede94.mof

==================== Find3M ====================

2010-05-13 03:33:23 122177 ----a-w- c:\windows\system32\nvModes.dat

2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-06 03:18:29 61224 ----a-w- c:\documents and settings\thomas ruprecht\GoToAssistDownloadHelper.exe

2010-03-02 05:36:50 2068 ----a-w- c:\program files\imaginfo.pe4

2010-03-02 05:36:50 20519 ----a-w- c:\program files\imageiio.pe4

2010-03-01 06:06:03 256 ----a-w- c:\documents and settings\thomas ruprecht\pool.bin

2010-02-28 03:38:12 80324 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-14 02:47:08 0 ----a-w- c:\program files\logfile.txt

2009-06-30 01:06:56 8901 ----a-w- c:\program files\DeIsL1.isu

2009-06-30 01:06:42 147 ----a-w- c:\program files\_DEISREG.ISR

2001-10-19 15:25:16 169355 ----a-w- c:\program files\logo.pcx

2001-09-20 22:24:28 790528 ------w- c:\program files\golf.exe

2001-09-12 18:22:14 3638 ------w- c:\program files\simgolf.ico

2001-08-19 15:36:24 346624 ------w- c:\program files\Mss32.dll

2001-08-16 01:26:50 45117 ------w- c:\program files\course1.pcx

2001-08-15 18:27:22 291328 ------w- c:\program files\binkw32.dll

2001-08-09 17:25:20 71 ------w- c:\program files\lighting.txt

2001-08-03 23:53:40 31358 ------w- c:\program files\GBUBBLES.PCX

2001-08-02 16:32:18 149831 ------w- c:\program files\BLDG.PCX

2001-07-16 23:00:58 6017 ------w- c:\program files\jackal.txt

2001-07-16 01:41:28 129618 ------w- c:\program files\cliffs01.pcx

2000-10-03 20:54:40 3361 ------w- c:\program files\Jackal.pcx

2000-09-18 16:36:40 1669 ------w- c:\program files\Radiobut.pcx

2000-05-05 13:26:08 5577 ----a-w- c:\program files\Readme.txt

2000-04-30 20:36:16 457033 ----a-w- c:\program files\Startup Guide.pdf

2000-04-29 19:34:48 8966 ----a-w- c:\program files\license.txt

1999-09-24 02:04:12 2998 ----a-w- c:\program files\Hcp.ico

1999-07-28 16:44:18 26004 ----a-w- c:\program files\hcpengine.gif

1999-04-08 15:18:44 49152 ----a-w- c:\program files\_ISREG32.DLL

2009-04-06 19:13:29 76 --sh--r- c:\windows\CT4CET.bin

============= FINISH: 18:40:45.09 ===============

Attach_Notepad.zip

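A small triage script for the DDS log above, added here as an example and not part of the original thread or of the DDS tool itself. It parses the Pseudo HJT Report, SERVICES / DRIVERS and Created Last 30 sections and applies four checks a helper normally does by eye: BHO or toolbar entries whose DLL is gone ("No File"), Hosts: overrides, service entries DDS could not stat (the trailing "[?]"), and .sys files written to system32\drivers in the last week that no service or driver entry in the log accounts for. The sample input is a subset of lines copied verbatim from the log; the reference time (the defogger_reenable timestamp) and the seven-day window are assumptions. Drivers from the cleanup tools the poster ran (Hitman Pro, Malwarebytes, Norton) land in the last bucket as well and are discounted by name; whatever remains that matches no product named anywhere in the log is what a helper would want identified before doing anything else.

```python
"""Triage checks over a DDS log, in the format posted above.

Added example (not part of the thread, and not DDS's own code). It parses the
"Pseudo HJT Report", "SERVICES / DRIVERS" and "Created Last 30" sections and
flags what a helper scans the log for by eye. The sample lines are copied
from the log above; the reference time and the 7-day window are assumptions.
"""
import re
from datetime import datetime, timedelta

# DDS section banners look like "=============== Created Last 30 ================"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# "R0 PCTCore;PCTools KDS;c:\...\PCTCore.sys [2010-5-13 218592]"; DDS prints "[?]"
# in place of the date/size when it could not read the image file.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# "2010-05-13 04:18:41 8832 ----a-w- c:\windows\system32\drivers\ocapyapz.sys"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+?)\s*$")
IMAGE_NAME_RE = re.compile(r"[\w.\-]+\.(?:sys|exe|dll)", re.IGNORECASE)
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample: a subset of the lines from the log above, verbatim.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-13 218592]
R2 SMA8.0.81.5;Software Management Agent 8.0.81.5;c:\svctools\8.0.81.5\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\8.0.81.5\ctrl --> c:\svctools\8.0.81.5\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\8.0.81.5\ctrl [?]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-4-6 7424]
=============== Created Last 30 ================
2010-05-13 20:14:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-13 19:42:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 19:29:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-13 04:18:41 8832 ----a-w- c:\windows\system32\drivers\ocapyapz.sys
2010-05-10 21:41:39 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-04-26 15:52:32 43608 ----a-w- c:\windows\system32\drivers\o2sd.sys
==================== Find3M ====================
"""
# Assumption: the defogger_reenable timestamp from the log is used as "now".
NOW = datetime(2010, 5, 13, 22, 30, 46)


def parse_sections(text):
    """Map DDS section name -> non-blank lines under that banner."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text, now=NOW, recent_days=7):
    """Return (kind, line) findings a helper would ask the poster about."""
    sections = parse_sections(text)
    findings = []

    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append(("orphan-hook", line))        # dead CLSID, clean up
        elif line.startswith("Hosts:"):
            findings.append(("hosts-override", line))     # classic redirect vector

    registered = set()   # image basenames that some service/driver entry accounts for
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        image, stamp = m.group(5), m.group(6)
        registered.update(n.lower() for n in IMAGE_NAME_RE.findall(image))
        if stamp == "?":
            findings.append(("unverified-service", line))

    cutoff = now - timedelta(days=recent_days)
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S")
        path = m.group(5)
        name = path.rsplit("\\", 1)[-1].lower()
        if (path.lower().startswith(DRIVER_DIR) and name.endswith(".sys")
                and when >= cutoff and name not in registered):
            findings.append(("unregistered-recent-driver", line))
    return findings


def flagged_driver_names(findings):
    """Basenames of the recent driver files that no service entry accounts for."""
    return {line.rsplit("\\", 1)[-1].lower()
            for kind, line in findings if kind == "unregistered-recent-driver"}


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"{kind:27} {line}")
```

Run against the sample it reports the orphaned BHO, the Hosts: line, the SMA8.0.81.5 entry DDS could not stat, and four recent driver files with no service entry: hitmanpro35.sys, mbam.sys and SymIM.sys belong to tools named elsewhere in the log, which leaves ocapyapz.sys as the one to account for. The registered-name check deliberately keys on the image basename rather than the full path, because DDS service lines often carry command-line arguments (see the lnchr.exe entry) that would defeat an exact path match.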

I got the blue screen of death about 2 minutes into running the rootkit software. When I rebooted my Bluetooth was disconnected.

